There is no doubt about the strength of Apple security features. It seems that it is time to say goodbye to a controversial feature of Apple's macOS operating system. That means Apple's applications are no longer allowed to bypass content filters, VPNs, and third-party firewalls. Traffic from these applications, more than 50 popular apps besides the Apple software update service, was not routed through the Network Extension Framework, effectively circumventing firewall protections; that is no longer the case. The change brings more security to users of iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and others.
The release of macOS Big Sur last October convinced users of these apps that they were in danger of being abused. The danger is one that lets hackers exfiltrate sensitive data. They actually piggyback on the data they steal before bypassing firewalls.
As Patrick Wardle has stated:
“After lots of bad press and lots of feedback/bug reports to Apple from developers such as myself, it seems wiser (more security conscious) minds at Cupertino prevailed.”
What is NEFilterDataProvider?
One question needs to be answered: were Apple security features ineffective against hackers' attacks? To answer it, we first need to know what NEFilterDataProvider is.
The Filter Data Provider receives network content in the form of NEFilterFlow objects from each.
The Filter Data Provider is responsible for deciding whether to pass or block data. If the amount of data is not enough to make this decision, the Filter Data Provider will access more information by requesting more data.
Based on these passing and blocking processes, the Filter Data Provider sets the rules of the device and places them where they are readable from the Filter Data Provider extension. Filter Data affects Apple users' experience.
The Filter Data Provider protects the user's privacy by preventing network content from moving outside its address space.
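The pass, block, or request-more-data decision described above can be sketched as a minimal NEFilterDataProvider subclass. This is an added example, not code from Apple, LuLu, or Little Snitch; the class name, the blocked hostname, and the 1024-byte peek size are assumptions chosen for illustration.

```swift
import NetworkExtension

// Added example: minimal macOS content filter showing the three outcomes
// (pass, block, ask for more data). Hostname and peek size are constructed.
final class ExampleFilterProvider: NEFilterDataProvider {
    private let blockedHosts: Set<String> = ["blocked.example.com"]

    override func startFilter(completionHandler: @escaping (Error?) -> Void) {
        // Ask the system to deliver every outbound socket flow to handleNewFlow.
        let anyOutbound = NENetworkRule(remoteNetwork: nil, remotePrefix: 0,
                                        localNetwork: nil, localPrefix: 0,
                                        protocol: .any, direction: .outbound)
        let rule = NEFilterRule(networkRule: anyOutbound, action: .filterData)
        let settings = NEFilterSettings(rules: [rule], defaultAction: .allow)
        apply(settings, completionHandler: completionHandler)
    }

    override func stopFilter(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }

    override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
        guard let socketFlow = flow as? NEFilterSocketFlow else {
            return .allow()  // policy choice for this sketch: pass unknown flow types
        }
        if let host = socketFlow.remoteHostname?.lowercased() {
            // Enough information already: block or pass on the hostname alone.
            return blockedHosts.contains(host) ? .drop() : .allow()
        }
        // Not enough information: request the first outbound bytes before deciding.
        return .filterDataVerdict(withFilterInbound: false, peekInboundBytes: 0,
                                  filterOutbound: true, peekOutboundBytes: 1024)
    }

    override func handleOutboundData(from flow: NEFilterFlow,
                                     readBytesStartOffset offset: Int,
                                     readBytes: Data) -> NEFilterDataVerdict {
        // Look for a plaintext HTTP Host header naming a blocked host.
        let text = String(decoding: readBytes, as: UTF8.self).lowercased()
        if blockedHosts.contains(where: { text.contains("host: \($0)") }) {
            return .drop()
        }
        return .allow()
    }
}
```

The class only does anything when built into a Network Extension system extension that carries the content-filter entitlement and is enabled by the user.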
Were Apple security features ineffective against hackers' attacks?
So what is wrong with Apple security features? Nothing, but applications can simply bypass the NEFilterDataProvider.
Hackers' threats were not the only thing that could scare Apple's users. VPN apps such as LuLu and Little Snitch could also monitor and even control users' data traffic by abusing NEFilterDataProvider. The most obvious result of these changes is that socket filter firewalls such as LuLu are empowered to filter or block all network traffic, including traffic from Apple apps.
Now that hackers are cloning Google Titans and the privacy of Google Docs is still in question, Apple, too, is losing its legacy as a perfect symbol of applied cybersecurity. Google's security gaps rarely changed its general audience's ideas about the privacy of Google services, and that audience rarely cares about what has happened to the hardware security key. On the other hand, the integrity of Apple's universe means its customers lose their trust in Apple security features at the slightest bad news they hear about the services that Apple provides. Maybe it is time for Apple to revive the Apple bug bounty, to prevent the immigration of vulnerabilities.