Apple is apparently taking back a controversial innovation from macOS 11: An exclusion list that has been integrated into the operating system so far, with which the manufacturer filters its own network services exempting local firewalls is apparently being deleted. Programs like the firewall Little Snitch or the data-saving tool Trip Mode are no longer able to use most of the Apple services in macOS 11 Big Sur block – a nuisance for users as well as developers.

Malware can abuse Apple’s exclusion list A security researcher also pointed out that malware can misuse Apple’s exclusion list to call home unnoticed. Security researcher Patrick Wardle warned last November that he could have easily written a tool that hangs piggyback on one of the exempt Apple services and thus could contact his own server unnoticed and unblocked through local firewalls.

In the most recent beta 2 of macOS 11. 2 Apple’s exclusion list (“Content Filter Exclusion List “) suddenly completely removed, explained Wardle now. His own firewall LuLu can again see and block all network traffic. The Little Snitch developer Objective Development also emphasizes that their own firewall from macOS 11. 2 can “reliably display and filter all network traffic”. Apple itself has not yet commented on the problem.

Exclusion list only really works in Big Sur Already since macOS 10. 15 Catalina puts Apple over 50 its own apps and services on the said exclusion list. It makes their network activities invisible to third-party apps that use Apple’s new network extensions NEFilterDataProvider and NEAppProxyProviders. In macOS 10. 15, the exclusion list usually does not work yet because local firewalls are included a kernel extension can intervene deeper in the system. Kernel extensions are considered obsolete by Apple and can only be used to a limited extent and with additional effort in macOS 11; accordingly, firewalls and other tools must be based on the convert new network expansions.

(lbe)