“100% blind”

In Big Sur Apple decided to exempt many of its apps from being routed thru the frameworks they now require 3rd-party firewalls to use (LuLu, Little Snitch, etc.) 🧐

Q: Could this be (ab)used by malware to also bypass such firewalls? 🤔

A: Apparently yes, and trivially so 😬😱😭 /CCNcnGPFIB

- patrick wardle, November

To demonstrate the risks that come with this move, Wardle, a former hacker for the NSA, showed how malware developers could exploit the change to make an end-run around a tried-and-true security measure. He set LuLu and Little Snitch to block all outgoing traffic on a Mac running Big Sur and then ran a small Python script whose exploit code interacted with one of the apps that Apple exempted. Because that app's traffic never passes through the filtering framework the firewalls are required to use, the script had no trouble reaching a command-and-control server he set up to simulate the kind commonly used by malware to exfiltrate sensitive data.

“It kindly asked (coerced?) one of the trusted Apple items to generate network traffic to an attacker-controlled server and could (ab)use this to exfiltrate files,” Wardle, referring to the script, told me. “‘Apple Item, can you please send this file to Patrick’s remote server?’ And it would kindly agree.”