Skip to main content

macOS Big Sur 11.2 beta 2 removes filter that lets Apple apps bypass third-party firewalls

Back in November, some developers raised concerns due to a change in macOS Big Sur, which allowed Apple apps to bypass firewall filters in any situation. Since this could lead to security and privacy breaches, Apple has removed this list of exceptions from macOS Big Sur 11.2.

After some macOS apps didn’t work due to a outage in Apple’s servers on the launch day of Big Sur, developers tried to block the system from communicating with these servers but they found out that Apple forced its official apps to have full access to the network even with a firewall configured.

An internal file has been added on macOS Big Sur with something called “ContentFilterExclusionList,” which is a list of several Apple apps and services that can bypass any firewall installed on the Mac. This includes the App Store, FaceTime, the software update service, and even the Music app.

Since these apps and services were bypassing the firewalls, users could no longer block them or even monitor them to see how much data Apple apps were transferring or what IP addresses they were communicating with. Worse than that, it was revealed that hackers could create malware that abuses these “excluded items” to bypass the firewall.

Luckily, security researcher Patrick Wardle revealed today that Apple has removed these exceptions for its apps with macOS Big Sur 11.2 beta 2 — which was released today for developers and users registered in the Public Beta program.

In other words, that means Apple’s apps can no longer bypass third-party firewalls and users can once again monitor their traffic on the web. However, since macOS Big Sur 11.2 is only available as a beta release for now, we don’t know yet when this change will reach all users.

Wardle detailed the removal of ContentFilterExclusionList from macOS and its potential risks in his Patreon blog, which you can access here.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel



Avatar for Filipe Espósito Filipe Espósito

Filipe Espósito is a Brazilian tech Journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.