Critical Firewall Vulnerability in Apple's MacOS Sonoma: Mullvad VPN Raises Alarm
- 13 Sep 2023
- Brett Takken
As technology continues to advance, the responsibility of ensuring robust security measures falls on both software developers and end-users. Recent reports from Mullvad, a renowned VPN service provider, have revealed a severe vulnerability in Apple's forthcoming MacOS Sonoma. The flaw is deeply embedded in the system's firewall and could potentially disrupt Mullvad's VPN service, among others that depend on packet filtering.
Mullvad, a Swedish-based VPN provider, issued an alarming statement on Wednesday. It detailed the issue with the MacOS Sonoma, which is currently available in beta versions and is scheduled for full release on September 26. According to Mullvad, the MacOS 14 Sonoma betas and the release candidate contain a bug that interferes with the proper functioning of the firewall, and as a consequence, their app ceases to work. This flaw, however, is not exclusive to Mullvad's app but can potentially affect other apps reliant on MacOS's firewall settings.
The severity of the issue lies in the firewall's inability to apply rules correctly to network traffic. As a result, traffic that should be blocked is allowed to pass through, potentially leading to data leaks, especially when local network sharing is enabled. Mullvad has cataloged this as a critical flaw, cautioning anyone who relies on packet filtering or apps that use it on their MacOS devices to be wary of upgrading to MacOS 14.
When contacted for comment, Apple did not immediately respond. Mullvad claims to have reported the flaw to Apple following the release of MacOS Sonoma beta 6 last month. Regrettably, the bug remains unresolved in subsequent MacOS 14 betas and the release candidate. The company has attempted to develop a workaround but believes that the firewall bugs should be rectified by Apple.
In conclusion, Mullvad has advised its users to refrain from upgrading to MacOS Sonoma until the issue is resolved. This serves as a reminder of the importance of diligent software testing and updating to ensure optimal security. While we await responses from Mullvad and other VPN providers for further information, this incident underscores the importance of cybersecurity vigilance, both for businesses and individual users.