macOS Big Sur Can Bypass Your Firewall and VPN

When you install a VPN or a firewall, you expect that your operating system will automatically shunt all connection data through it. The Next Web mentions that tests were done on Apple’s latest operating system, Big Sur, which have shown that Apple’s apps bypass your installed firewall or VPN to connect. This occurrence has raised red flags for security professionals around the world. The primary reason users install VPNs is to protect their data from prying eyes, while firewalls serve to keep unwanted traffic out of the user’s system. With macOS Big Sur’s tendency to ignore these security measures, the company may have some explaining to do regarding why.

Most Popular VPNs Tested

Experts tested connections using ExpressVPN and NordVPN. The results were the same for these two VPNs, suggesting it would remain the same across each other client as well. The issue lies with the fact that these apple apps’ data can be collected while it’s being sent to Apple’s servers. Users who want to protect their data or are interested in securing their personal information should be concerned about using their machines that come with Big Sur installed. Security Researcher at Jamf, Patrick Wardle, tweeted details on how malware could easily exploit this seemingly built-in security issue in the operating system.

Only Apple’s Apps Sidestepping Security

An investigation has shown that only Apple’s proprietary apps are (so far) exploiting this hole to send data directly to servers by avoiding VPNs and firewalls. However, this in itself is a dangerous precedent. It’s problematic from a user’s perspective why Apple would make their own apps exceptions to a rule they implement for all other applications on their play store. Some experts figure it may be due to licensing issues, while others think that Apple is unhappy with users hiding information it believes it should have access to, such as their location. VPNs and firewalls remain two of the most prominent ways for users to protect themselves online. These applications bring about serious security concerns.

Why Should Users Care?

Most apple users don’t worry too much about security concerns and can use their apps for such diverse functions as ordering food or designing Legacy Quartz Countertops. However, Apple does have a history of being lax with their security protocols. There have been at least two instances in 2014 and 2017 where Apple’s iCloud was on the receiving end of a hack, resulting in millions of user details and private photos ending up in the hands of malicious actors. Users were incensed back then, but it seems that Apple hasn’t yet learned its lesson about playing fast and loose with user data.

In the short term, the least Apple can do is offer a patch to solve this issue. Users should be informed about the potential for their data to end up in the wrong hands. With many users believing that their data is secured behind a firewall and a VPN, it may come as a surprise to them if their identity gets stolen because of Big Sur’s lax security. This back door also enables malicious users to develop apps that can exploit the built-in exploit at will. While security experts have frowned at Apple’s control over its users’ data in the past, this introduces a new low where the company seems to be careless with others’ information. So far the company has issued no explanation for their apps’ behavior.