MacDailyNews

Patrick Wardle: How to break, bypass and dismantle macOS firewall products

“Taking aim at the status-quo of macOS firewalls, researcher Patrick Wardle has made his case for Apple and third-party security firms to beef up their protections,” Tom Spring reports for Threatpost. “At a session here at Black Hat 2018, Wardle, chief research officer at Digita Security and founder of Mac security company Objective-See, showed how easy it is to break, bypass and dismantle macOS firewall products.”

“For starters, Wardle pointed out that while macOS does have a built-in firewall, its effectiveness is limited because it only blocks and monitors incoming connections; there’s no processing of outgoing connections, he points out,” Spring reports. “‘That means if a piece of malware does get on your system in some way, even if your Mac firewall is on, it’s not going to filter or block that (outbound) connection,’ Wardle said.”

“Those shortcomings put the spotlight on third-party macOS firewall solutions,” Spring reports. “But, even with those, Wardle uncovered problems. During his talk, Wardle showed that it’s fairly trivial to bypass these firewall products.”

Read more in the full article here.

MacDailyNews Note: As Spring reports, in an effort to encourage development of better host-based macOS firewalls, Wardle released the open-source LuLu firewall earlier this year. The code is hosted on GitHub and he hopes it will serve as a starting point for more robust macOS firewalls in the future. More info here.
