Skip to main content
  1. Home
  2. Blog
  3. The network is back... in Big Sur
Jamf Blog
person working at computer desk
February 1, 2021 by Matthias Wollnik

The network is back… in Big Sur

Security

Apple has removed the ContentFilterExclusionList in macOS 11.2. Host-based firewalls and tools using the Network Extension Framework are back in business.

Apple responds to community feedback with increased safety and security measures

In response to community feedback surrounding security, Apple has removed the ContentFilterExclusionList in macOS 11.2.

All network communications are now subject to host-based firewalls and tools using the Network Extension Framework can now track them. This means that socket filter firewalls can now comprehensively monitor or block all OS traffic without dependence on kexts.

This demonstrates that Apple is listening to the security community and making network monitoring a priority. We applaud Apple’s continued drive toward stronger security and privacy.

Background of Apple ContentFilterExclusionList issue

Until this new release, macOS Big Sur allowed 53 of their apps to use the network without being restricted by host-based firewalls or tracked by security applications using the Network Extension Framework. These included widely-used apps such as the App Store, Maps and iCloud.

The system maintained the full list here: /System/Library/Frameworks/NetworkExtension.framework/Versions/Current/Resources/Info.plist

This exclusion list forced security vendors to rely on kernel extensions (kexts) for security measures, which Apple is phasing out. That introduced more friction for organizations in the rollout of the latest Apple M1 chip.

Additionally, security researchers — including our own Patrick Wardle — pointed out that bad actors could exploit the list to build malware that piggybacked on trusted Apple apps.

And privacy experts were concerned that macOS might expose their real IP address and location — with this list, VPN products could not protect their users’ locations.

A smart move from Apple

Swiftly implementing this change in response to feedback ensures that security teams can control and monitor their Mac network activity. They can mitigate risks on devices with their own VPNs, firewalls and security tools. And they can deploy tools that support Big Sur/M1 to do so.

Apple, by listening to community feedback and incorporating changes quickly, has helped the Apple community build long-term sustainable security applications through the Endpoint Security Framework and Network Security Framework.

By continuing to respond to feedback and put the customer experience first, Apple has maintained their status as the most secure and private computer tech available.

Photo of Matthias Wollnik
Matthias Wollnik
Jamf
Previous Blog Post:
 Prev
 How to achieve complete Microsoft enterprise compliance with Apple Blog Homepage
 Next Blog Post:
 Next
 Jamf recognized by Influitive’s Best Advocate Marketing Awards
Related Resources
White Paper

How to Take Advantage of macOS Big Sur Security Benefits

Read More
Blog

5 ways Jamf secures macOS 11 Big Sur

Read More
White Paper

Deprecating Kernel Extensions: How to Transition to Kextless Workflows

Read More
Blog

What type of mobile VPN is right for your mobile fleet?

Read More
Browse Blog
by Category:
Jamf Pro (586) Enterprise (497) Jamf Nation User Conference (323) Security (320) K-12 Education (185) Healthcare (153) Jamf Protect (149) Jamf School (131)
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.