The problem had been spotted ages ago when Big Sur was in the beta testing phase. Apple was expected to fix the flaw before the OS was released. For some reason, Apple didn’t.
Beginning with macOS Catalina, released last year, Apple added a list of 50 Apple-specific apps and processes that were to be exempted from third-party firewalls like Little Snitch and LuLu.
The undocumented exemption, which didn’t take effect until firewalls were rewritten to implement changes in Big Sur, first came to light in October.
Patrick Wardle, a security researcher at Mac and iOS enterprise developer Jamf, further documented the new behaviour over the weekend. To illustrate the risks that come with this move, Wardle — a former hacker for the NSA — showed how malware developers could exploit the change to make an end-run around a tried-and-true security measure.
Wardle tweeted a portion of a bug report he submitted to Apple during the Big Sur beta phase. It specifically warns that “essential security tools such as firewalls are ineffective” under the change.
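For a defender, the practical question is which traffic a third-party firewall on Big Sur can no longer see. The script below is an added example, not code from the article or from Wardle or Jamf: it parses a property list and reports the entries of an exemption array so an administrator can review them against firewall logs. It assumes (my assumption, not something the article states) that the exemptions are published as an array keyed `ContentFilterExclusionList` in the NetworkExtension framework's `Info.plist`; the embedded plist and its entries are a constructed sample, not the real list of 50.

```python
import os
import plistlib

# Assumed location of the system plist that carries the exemption list.
# This path and the key name below are assumptions, not facts from the article.
SYSTEM_PLIST = ("/System/Library/Frameworks/NetworkExtension.framework/"
                "Versions/Current/Resources/Info.plist")
EXCLUSION_KEY = "ContentFilterExclusionList"

# Constructed sample Info.plist with three stand-in exemptions. The real list
# on a Big Sur system is longer and its entries differ; these are placeholders.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.apple.NetworkExtension</string>
    <key>ContentFilterExclusionList</key>
    <array>
        <string>com.apple.sample-bundle-one</string>
        <string>com.apple.sample-bundle-two</string>
        <string>/usr/libexec/sample-daemon</string>
    </array>
</dict>
</plist>
"""


def load_exclusions(plist_bytes: bytes) -> list[str]:
    """Return the exemption entries from a plist, or [] if the key is absent."""
    data = plistlib.loads(plist_bytes)
    entries = data.get(EXCLUSION_KEY, [])
    # Only keep well-formed string entries so a malformed plist cannot crash the audit.
    return [e for e in entries if isinstance(e, str)]


def classify(entries: list[str]) -> dict[str, list[str]]:
    """Split entries into bundle identifiers and absolute executable paths."""
    report: dict[str, list[str]] = {"bundle_ids": [], "paths": []}
    for entry in entries:
        if entry.startswith("/"):
            report["paths"].append(entry)
        else:
            report["bundle_ids"].append(entry)
    return report


def is_exempt(identifier: str, entries: list[str]) -> bool:
    """True if a bundle id or executable path is on the exemption list,
    i.e. its connections would bypass a Network Extension content filter."""
    return identifier in entries


def audit(plist_bytes: bytes) -> dict:
    """Produce a small review record: how many entries, and of which kind."""
    entries = load_exclusions(plist_bytes)
    kinds = classify(entries)
    return {
        "count": len(entries),
        "bundle_ids": kinds["bundle_ids"],
        "paths": kinds["paths"],
    }


if __name__ == "__main__":
    # Prefer the live system plist when present (macOS), else the constructed sample.
    if os.path.exists(SYSTEM_PLIST):
        with open(SYSTEM_PLIST, "rb") as fh:
            raw = fh.read()
    else:
        raw = SAMPLE_PLIST
    result = audit(raw)
    print(f"{result['count']} exempt entries")
    for item in result["bundle_ids"] + result["paths"]:
        print("  exempt from content filters:", item)
```

Run on a Big Sur machine, the audit shows exactly which Apple components a content-filter firewall will never be asked about; connections from those components have to be watched elsewhere (for example at the network edge) rather than on the host.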
Apple has yet to explain the reason behind the change but then again, what did you expect?