Not a great start to the year for Apple. First, it was revealed that several iOS vulnerabilities have been actively exploited by cyber attackers – the scale of the attack is not yet known. Now it turns out that the latest macOS update resulted in over 53 Apple apps being able to bypass VPNs and firewalls, essentially nullifying their security benefits. See the full details below.
Big Sur 11.2 – How It Affected Mac VPNs
Beta 2 of the macOS Big Sur 11.2 update included a new “feature” called ContentFilterExclusionList, which basically gave a free pass for many Apple apps to get around firewall restrictions, VPN tunnels, and other security checks. Now, there are two major concerns with this behavior:
- As security experts pointed out, hackers could design malware that infects Apple apps, allowing the infection to slip by unnoticed by anti-malware applications.
- VPNs are designed to mask your IP address, which otherwise reveals your real-life location (country, city, ZIP code). If not for its removal, the ContentFilterExclusionList feature would have been constantly broadcasting your location to Apple, even with a VPN installed.
And yes, the feature has indeed been removed, partly owing to the negative feedback from the community. According to ZDNet, Apple claimed the exclusion list was merely a temporary workaround while Apple engineers gradually added new fixes to the Big Sur update.
Were All Mac VPNs Affected by the Update?
As mentioned by several VPN providers, including ExpressVPN, ProtonVPN, and others found on ProPrivacy’s best list of Mac VPNs, the feature only affected VPNs that use specific APIs in macOS’ Network Extension Framework (such as NEFilterDataProvider, NEAppProxyProvider).
First-party apps (such as iCloud) were allowed to bypass these extensions, leading to data leaks in specific VPNs that used them. CyberGhost VPN and Surfshark were among the providers affected. Both of them informed ProPrivacy that they were looking into the issues, and would update their macOS clients as needed.
So Will My VPN Work on Big Sur 11.2?
Pretty much, yes. As mentioned, Apple has removed the offending feature in beta 2 of the Big Sur update, meaning all network data should correctly pass through the encrypted VPN tunnel. To install the latest macOS update, follow the steps below:
- Click the Apple icon in the top-left corner of the screen
- Choose “System Preferences…” from the drop-down list
- Select “Software Update” in the newly opened menu
- Click on “Update Now” to begin the process. Alternatively, you can check the update file size by selecting “More Info…”, then click “Install Now” to begin the update.
Make sure to update your VPN client as well, as your provider may have made changes to counteract Apple’s ContentFilterExclusionList.
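To check for yourself that connections really leave through the tunnel after updating, the sketch below (an added example, not code from Apple or any VPN provider) scans `lsof -i -n -P` output for connected sockets bound to an address other than the tunnel's. It assumes a full-tunnel VPN; the sample output, process list, tunnel address 10.8.0.2 and VPN server 192.0.2.50 are all constructed.

```python
import ipaddress
import re

# Constructed sample of `lsof -i -n -P` output; not captured from a real host.
SAMPLE_LSOF = """\
COMMAND   PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
Safari    611 alice 23u IPv4 0x1a01      0t0  TCP 10.8.0.2:52110->203.0.113.80:443 (ESTABLISHED)
cloudd    402 alice 11u IPv4 0x1a02      0t0  TCP 192.168.1.23:52144->198.51.100.7:443 (ESTABLISHED)
vpnclient 733 alice  9u IPv4 0x1a03      0t0  UDP 192.168.1.23:61022->192.0.2.50:1194
rapportd  390 alice  4u IPv4 0x1a04      0t0  TCP *:49152 (LISTEN)
Music     455 alice  7u IPv4 0x1a05      0t0  TCP 192.168.1.23:7000->192.168.1.40:50211 (ESTABLISHED)
"""

# Destinations that never leave the machine or the local network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
               "192.168.0.0/16", "169.254.0.0/16")]

# IPv4 "local:port->remote:port" as printed in lsof's NAME column.
FLOW = re.compile(r"(\d+(?:\.\d+){3}):\d+->(\d+(?:\.\d+){3}):\d+")


def flows_outside_tunnel(lsof_text, tunnel_ip, vpn_server_ip):
    """Return (command, pid, remote_ip) for connected IPv4 sockets that are
    bound to an address other than the tunnel's and reach a non-local host."""
    tunnel = ipaddress.ip_address(tunnel_ip)
    server = ipaddress.ip_address(vpn_server_ip)
    leaks = []
    for line in lsof_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        match = FLOW.search(line)
        if len(fields) < 9 or not match:
            continue                                  # listening/unconnected
        local, remote = (ipaddress.ip_address(a) for a in match.groups())
        if local == tunnel:
            continue                                  # goes through the VPN
        if remote == server:
            continue                                  # the VPN's own transport
        if any(remote in net for net in LOCAL_NETS):
            continue                                  # LAN or loopback peer
        leaks.append((fields[0], int(fields[1]), str(remote)))
    return leaks


if __name__ == "__main__":
    for cmd, pid, remote in flows_outside_tunnel(SAMPLE_LSOF, "10.8.0.2", "192.0.2.50"):
        print(f"outside tunnel: {cmd} (pid {pid}) -> {remote}")
```

On a real Mac, replace the sample with the live output of `lsof -i -n -P` and pass the address shown on the VPN's tunnel interface in `ifconfig`; IPv6 sockets are not covered by this sketch.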
Should You Use a Free VPN on macOS?
While it’s an excellent idea to secure all your devices with a VPN (including your Mac), free VPNs are not the way to go. That is, unless you’re okay with having your emails, passwords, payment info, and other sensitive data leaked online. A mere seven free VPNs based in Hong Kong managed to compromise all that data for 20 million users.
Think that’s an isolated incident? We wish that were the case. However, researchers have discovered that as many as 60% of the top free VPNs on the App Store and Google Play Store are owned by organizations in China. That’s not a good sign, considering the country’s track record of online censorship, mass surveillance, and severe restrictions imposed on VPNs.
What’s more, 80% of the top 20 free VPNs on the App Store are still in violation of the App Store Review Guidelines, long after these discoveries were brought to Apple’s attention. If you weren’t familiar, these guidelines prohibit apps from sharing user data with third parties. Considering many free VPNs outright sell your browsing activity to advertising networks – well, you see where this is going.
But what about the “clean” providers who don’t resort to such tactics? Well, if you only intend to use your Mac for light browsing, then they might actually be a great option. However, for anything else, you’re pretty much better off getting a subscription. Here’s why.
The Limitations of Free Mac VPNs
It’s no secret that VPNs can affect your overall network speeds. For one, your data needs to travel through your provider’s servers before it reaches its destination, and vice-versa. The encryption process can also slow things down if your Mac’s CPU is on the slower side. Thankfully, top-rated VPNs can afford high-performance servers for their users, so the problem is not as noticeable.
With free VPNs, however, you’ll have to deal with:
- Slow speeds/bandwidth throttling – millions of people use free VPNs each day, and those providers need to offer relatively equal speeds for all users. Don’t be surprised if your connection is slowed down to a crawl, even if you have high-speed broadband.
- Minimal monthly data allowances – free provider data caps range from 500 MB to 10 GB. Considering the average hourly data usage for 480p YouTube videos is around 480-660 MB, you don’t have much to work with.
Aside from that, free VPNs are pretty much unable to unblock content on major streaming sites. One major reason people use VPNs nowadays is to view shows and movies from Netflix’s international libraries, or use streaming platforms unavailable in their area (Hulu, BBC iPlayer, etc.).
Unfortunately, these companies aggressively block VPN IP addresses, even for major providers like ExpressVPN and NordVPN. As opposed to free VPNs, however, premium providers can afford to get fresh new IPs for their users. Not to mention they can invest in new obfuscation methods that help them stay one step ahead of advanced VPN detection methods.
The Bottom Line
Apple’s Big Sur 11.2 update had security experts worried in its second beta stage. Fortunately, the tech giant removed the feature causing all the ruckus, once again allowing VPNs, firewalls, and other security software to do their jobs properly. Hopefully, this was a one-off incident and not a sign of the direction Apple is considering for its products.