{"id":722,"date":"2021-01-19T12:39:48","date_gmt":"2021-01-19T07:09:48","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=722"},"modified":"2021-06-07T10:39:13","modified_gmt":"2021-06-07T05:09:13","slug":"apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/","title":{"rendered":"Apple Pushes MacOS Feature That Sanctions Applications to Bypass Firewall Security"},"content":{"rendered":"\n
Apple removes a controversial update from this MacOS that permits the users to overlaps the VPNs, content filters, and third-party firewalls named as ContentFilterExclusionList that includes the list of about 50 Apple applications includes Maps, FaceTime, Homekit, iCloud, Music, App Store, and from its software updates services.<\/p><\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\n
These services are routed through the Network Extension Framework that was responsible for managing the firewall protections.<\/p><\/p>\n\n\n\n
This all started in October by releasing macOS Big Sur, which shows the concerns from security researchers who simply said that this feature was modified and misused by the attackers.<\/p><\/p>\n\n\n\n
The attackers exfiltrate the crucial data by modifying it over the trusted application and then overlaps the security firewalls accordingly. After lots of feedback and bug reports from the developers, it looks that the security is being compromised.<\/p><\/p>\n\n\n\n
After this news was leaked the apple block all the network traffic that includes their applications. The update comes as Apple Support for the Network Kernel Extension in 2019 to resolve the issue.<\/p><\/p>\n\n\n\n
Through this update, Apple simply tells about the system extensions and which type of network filter used to know about in detail read the upcoming section.<\/p><\/p>\n\n\n\n
Apple Network Kernel Extension Update<\/strong><\/h2>\n\n\n\n
<\/figure><\/div>\n\n\n\n
Extension for operating system Cataline(10.15) permits the software to work as network extensions and also as security endpoint solutions to extend the working of macOS without kernel-level access.<\/p><\/p>\n\n\n\n
In the update, Apple announced the list of networks and improve the security, reliability and they enabled user-friendly distribution methods. Apple also says that if the software uses deprecated KPIs, then you need to know out about the component used in stand-alone system extensions.<\/p><\/p>\n\n\n\n
Apple also shares the list of deprecated KPIs for macOS 10.15 and 10.15.4.<\/p>\n\n\n\n
KAUTH<\/strong><\/h2>\n\n\n\n
Apple recommends the users to use EndpointSecurity instead of using the deprecated KPIs;<\/p>\n\n\n\n
kauth_unlisten_scope<\/li>
kauth_listen_scope<\/li><\/ul>\n\n\n\n
Network Filter<\/strong><\/h3>\n\n\n\n
User should use NetworkExtesnsion as alternatives of the following KPIs;<\/p>\n\n\n\n
ipf_inject_input<\/li>
ipf_addv4<\/li>
ipf_addv6<\/li>
ipf_inject_output<\/li>
ipf_remove<\/li>
sflt_attach<\/li>
sflt_detach<\/li>
sflt_register<\/li>
sflt_unregister<\/li>
sock_accept<\/li>
sock_bind<\/li>
sock_close<\/li>
sock_connect<\/li>
sock_getpeername<\/li>
sock_getsockname<\/li>
sock_getsockopt<\/li>
sock_gettype<\/li>
sock_inject_data_in<\/li>
sock_inject_data_out<\/li>
sock_ioctl<\/li>
sock_isconnected<\/li>
sock_isnonblocking<\/li>
sock_listen<\/li>
sock_receive<\/li>
sock_receivembuf<\/li>
sock_send<\/li>
sock_sendmbuf<\/li>
sock_setpriv<\/li>
sock_setsockopt<\/li>
sock_shutdown<\/li>
sock_socket<\/li>
sockopt_copyin<\/li>
sockopt_copyout<\/li>
sockopt_direction<\/li>
sockopt_level<\/li>
sockopt_name<\/li>
sockopt_valsize<\/li>
<\/li><\/ul>\n\n\n\n
IOHID and IOUSB Family<\/strong><\/h3>\n\n\n\n
IOUSBFamily KPI\u2019s are deprecated and their headers are removed from SDK after macOS EI is released. Therefore all the clients have to move on IOUSBHostFamily or use USBDriverkit in place of it. Whereas all the IOHIDFamily KPI\u2019s are deprecated therefore users should use HIDDriverKit.<\/p><\/p>\n\n\n\n
USB Networking, USB Serial, and USB Vendor Specific IPC<\/strong><\/h3>\n\n\n\n
Users have to use USBDriverKit or NetworkingDriverKit instead of IONetworkingFamily KPIs. Clients should use USBSerialDriverKit or SerialDriver Kit in place of IOSerialFamily because these KPI are deprecated.<\/p><\/p>\n\n\n\n
At the End<\/strong><\/h3>\n\n\n\n
Security researchers also said that the Apple applications were excluded from NEFilterDataProvider, that includes a network content filter that makes permits to installed application such as LuLu and Little Snitch helps to monitor and manage data traffic using VPN and Firewall. He also demonstrates that how these malicious applications easily evade the firewall and overlap the transmitted data to a hacker and controlled server with the help of basic Python code that was attacked the traffic into Apple exempted application.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"
Apple removes a controversial update from this MacOS that permits the users to overlaps the VPNs, content filters, and third-party firewalls named as ContentFilterExclusionList that includes the list of about 50 Apple applications includes Maps, FaceTime, Homekit, iCloud, Music, App Store, and from its software updates services. These services are routed through the Network Extension […]<\/p>\n","protected":false},"author":2,"featured_media":725,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[],"yoast_head":"\n
Apple Pushes MacOS Feature That Sanctions Applications to Bypass Firewall Security - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apple Pushes MacOS Feature That Sanctions Applications to Bypass Firewall Security - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Apple removes a controversial update from this MacOS that permits the users to overlaps the VPNs, content filters, and third-party firewalls named as ContentFilterExclusionList that includes the list of about 50 Apple applications includes Maps, FaceTime, Homekit, iCloud, Music, App Store, and from its software updates services. These services are routed through the Network Extension […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-19T07:09:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-07T05:09:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/01\/Apple-Update-Seurity-Issues-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"976\" \/>\n\t<meta property=\"og:image:height\" content=\"549\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Apple Pushes MacOS Feature That Sanctions Applications to Bypass Firewall Security\",\"datePublished\":\"2021-01-19T07:09:48+00:00\",\"dateModified\":\"2021-06-07T05:09:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/\"},\"wordCount\":569,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Infosec News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/\",\"url\":\"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/\",\"name\":\"Apple Pushes MacOS Feature That Sanctions Applications to Bypass Firewall Security - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-01-19T07:09:48+00:00\",\"dateModified\":\"2021-06-07T05:09:13+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Apple Pushes MacOS Feature That Sanctions Applications to Bypass Firewall Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Apple Pushes MacOS Feature That Sanctions Applications to Bypass Firewall Security - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/","og_locale":"en_US","og_type":"article","og_title":"Apple Pushes MacOS Feature That Sanctions Applications to Bypass Firewall Security - Xiarch Solutions Private Limited","og_description":"Apple removes a controversial update from this MacOS that permits the users to overlaps the VPNs, content filters, and third-party firewalls named as ContentFilterExclusionList that includes the list of about 50 Apple applications includes Maps, FaceTime, Homekit, iCloud, Music, App Store, and from its software updates services. These services are routed through the Network Extension […]","og_url":"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-01-19T07:09:48+00:00","article_modified_time":"2021-06-07T05:09:13+00:00","og_image":[{"width":976,"height":549,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/01\/Apple-Update-Seurity-Issues-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Apple Pushes MacOS Feature That Sanctions Applications to Bypass Firewall Security","datePublished":"2021-01-19T07:09:48+00:00","dateModified":"2021-06-07T05:09:13+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/"},"wordCount":569,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Infosec News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/","url":"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/","name":"Apple Pushes MacOS Feature That Sanctions Applications to Bypass Firewall Security - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-01-19T07:09:48+00:00","dateModified":"2021-06-07T05:09:13+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/apple-pushes-macos-feature-that-sanctions-applications-to-bypass-firewall-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Apple Pushes MacOS Feature That Sanctions Applications to Bypass Firewall Security"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/722"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=722"}],"version-history":[{"count":2,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/722\/revisions"}],"predecessor-version":[{"id":727,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/722\/revisions\/727"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/725"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Network](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/01\/Apple-Update-Seurity-Issues-image-2-1024x576.jpg\")
<\/figure><\/div>\n\n\n\n![\"Apple](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/01\/Apple-Update-Seurity-Issues-image.jpg\")
<\/figure><\/div>\n\n\n\n