Man
Professional
- Messages
- 3,079
- Reaction score
- 615
- Points
- 113
Some applications ignore routing rules.
Security analysts at Mullvad have identified situations where the macOS firewall does not work correctly and ignores the rules that have been set. The problem is especially relevant for VPN users, whose traffic can leak after system updates.
Mullvad experts note that in some cases, the macOS firewall stops functioning properly. Most traffic still goes through the VPN tunnel according to the routing table, but applications can bypass these settings and send data bypassing the secure connection.
The problem even affects Apple's own apps and services. According to Mullvad, the problems began with macOS 14.6 and were fixed in the recent 15.1 beta. The company has already reported the problem to Apple and hopes for a quick fix.
The first method is quite simple. It is recommended that users add a firewall rule that blocks all outbound traffic. After that, you should try to send a network request. If the request succeeds despite the blocking rule, you can conclude that there is a traffic leak bypassing the firewall.
The second method is more complex and involves testing the VPN app. First, you need to make sure that you don't have an active VPN connection. Next, you should determine the primary network interface of the device – it can be Wi-Fi, Ethernet, or another type of connection. After that, you need to connect to a VPN server. The next step is to try to establish a connection to the remote server by sending requests through the original network interface defined earlier. If the VPN connection is active and it is possible to respond to requests sent through the source interface, it indicates that there is a traffic leak. Mullvad has published detailed commands on its blog to perform these checks.
On the Hacker News forum, users share other issues that arise after macOS updates. Many complain about resetting system settings, including firewall settings, which can lead to more liberal regulations and increase security risks.
Some users have reported apps launching spontaneously and playing audio/video content in browser tabs even before logging in. There are complaints about the automatic launch of many applications after an update, even if they were not opened earlier, as well as the loss of configuration settings.
To minimize the risks, macOS users are advised to restart their devices after installing updates, as problems often occur when the computer first starts after a system update.
Cybernews has reached out to Apple for comments on the identified issues. The manufacturer's response has not yet been received.
Source
Security analysts at Mullvad have identified situations where the macOS firewall does not work correctly and ignores the rules that have been set. The problem is especially relevant for VPN users, whose traffic can leak after system updates.
Mullvad experts note that in some cases, the macOS firewall stops functioning properly. Most traffic still goes through the VPN tunnel according to the routing table, but applications can bypass these settings and send data bypassing the secure connection.
The problem even affects Apple's own apps and services. According to Mullvad, the problems began with macOS 14.6 and were fixed in the recent 15.1 beta. The company has already reported the problem to Apple and hopes for a quick fix.
The first method is quite simple. It is recommended that users add a firewall rule that blocks all outbound traffic. After that, you should try to send a network request. If the request succeeds despite the blocking rule, you can conclude that there is a traffic leak bypassing the firewall.
The second method is more complex and involves testing the VPN app. First, you need to make sure that you don't have an active VPN connection. Next, you should determine the primary network interface of the device – it can be Wi-Fi, Ethernet, or another type of connection. After that, you need to connect to a VPN server. The next step is to try to establish a connection to the remote server by sending requests through the original network interface defined earlier. If the VPN connection is active and it is possible to respond to requests sent through the source interface, it indicates that there is a traffic leak. Mullvad has published detailed commands on its blog to perform these checks.
On the Hacker News forum, users share other issues that arise after macOS updates. Many complain about resetting system settings, including firewall settings, which can lead to more liberal regulations and increase security risks.
Some users have reported apps launching spontaneously and playing audio/video content in browser tabs even before logging in. There are complaints about the automatic launch of many applications after an update, even if they were not opened earlier, as well as the loss of configuration settings.
To minimize the risks, macOS users are advised to restart their devices after installing updates, as problems often occur when the computer first starts after a system update.
Cybernews has reached out to Apple for comments on the identified issues. The manufacturer's response has not yet been received.
Source
