If you’re a VPN user and have been using Big Sur 11 for a while, you should know that there’s an update – Big Sur 11.2.
We strongly recommend updating to the new version as soon as possible. If you don’t do it, and aren’t using the “right” Mac VPN, your privacy will be at risk.
Here’s what you need to know about that.
Why Big Sur 11 Isn’t Safe for VPN Users
Here’s the thing – Big Sur 11 actually made it possible for Mac apps to bypass third-party security solutions (like firewalls and VPNs).
So even though you’re running a VPN connection while using different apps (Siri, iCloud, iMessages, FaceTime, etc.), they can still share some unencrypted data with Apple’s servers. Basically, this is the kind of information Apple is getting:
- Your IP address (including timestamp);
- What apps you use;
- When you use specific apps;
- Where you use the apps from (what country and city).
Quite the privacy nightmare, right?
All that is made possible by one little key: ContentFilterExclusionList. You can find it in the Info.plist file located here:
- /System/Library/Frameworks/NetworkExtension.framework/Versions/A/Resources
NetworkExtension is a specific API from Apple which security programs must now use. Unfortunately, if they do that, it will force them to exclude certain data. Essentially, firewalls can’t block Apple’s apps from communicating with the web, and VPNs can’t route their traffic through an encrypted protocol.
Privacy Isn’t the Only Concern
The security of your data is an issue too. What if hackers manage to exploit one of the 56 apps from Apple that can bypass firewalls?
They don’t need to worry about how they get around a security tool like Little Snitch anymore. They just need to find a small vulnerability in one of those apps, and you’re done for! They’ll be able to infect your device with malware in no time.
Not to mention they’ll also be able to listen in on your traffic. VPNs can’t encrypt it anymore, after all.
The Good News
Not all VPN clients are susceptible to the Big Sur privacy issue. Most of the top VPN providers on the market don’t use the NetworkExtension API.
So, their apps won’t leak your data if their kill switch is enabled (a feature that stops network traffic if the VPN connection goes down).
Big Sur 11.2 Fixes the Privacy Problem (Among Other Things)
Apple listened to users’ complaints, and fixed the problem with the Big Sur 11.2 update. In short, they deactivated the ContentFilterExclusionList key. As a result, Apple’s apps are now fully compatible with all VPNs, firewalls, and any other third-party security tools.
That’s why you shouldn’t postpone this update and run it right now. It’s only 3.66GB, so the download and installation should go smoothly.
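To see whether the ContentFilterExclusionList key described above is still present on a given Mac, before or after updating, the Info.plist can be parsed and searched for it. This is an added example, not code from the article or from Apple; it assumes the key holds an array of strings, and the two sample plists are constructed for illustration.

```python
import plistlib
from pathlib import Path

# Location and key name as given in the article.
INFO_PLIST = Path("/System/Library/Frameworks/NetworkExtension.framework"
                  "/Versions/A/Resources/Info.plist")
KEY = "ContentFilterExclusionList"

def find_key(node, key=KEY):
    """Depth-first search of a parsed plist; value of the first match or None."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return None
    for child in children:
        found = find_key(child, key)
        if found is not None:
            return found
    return None

def exclusion_entries(plist_bytes):
    """Entries stored under the key; [] when the key is absent or empty."""
    value = find_key(plistlib.loads(plist_bytes))  # accepts XML or binary plists
    if value is None:
        return []
    # Assumption: the value is an array of strings; anything else is kept whole.
    return list(value) if isinstance(value, list) else [value]

def check(path=INFO_PLIST):
    """Return (status, entries) for the plist at `path`."""
    if not path.is_file():
        return ("plist not found", [])
    entries = exclusion_entries(path.read_bytes())
    return ("exclusion list present" if entries else "no exclusion list", entries)

# Constructed samples (not real Apple data): one with the key, one without.
SAMPLE_WITH_KEY = plistlib.dumps({
    "CFBundleName": "ConstructedSample",
    "Nested": {KEY: ["/constructed/ExampleAppA", "/constructed/ExampleAppB"]},
})
SAMPLE_WITHOUT_KEY = plistlib.dumps({"CFBundleName": "ConstructedSample"})

if __name__ == "__main__":
    print(len(exclusion_entries(SAMPLE_WITH_KEY)), "entries in constructed sample")
    print(check())  # on macOS this reads the real Info.plist
```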
Other Improvements
Besides fixing the VPN/firewall issue, here’s what else Big Sur 11.2 has in store for you:
- Improved Bluetooth reliability;
- Fixed various issues:
  - Edits to Apple ProRAW images in the Photos app not saving at all.
  - Random black screens on external displays when using an HDMI to DVI converter with an M1 Mac mini.
  - iCloud Drive shutting down when you pick the Desktop & Documents option.
  - System Preferences not unlocking when you enter the right password.
- Security patches for known vulnerabilities
If you’d like to read about all the security changes, check out this article.
Why You Might Want to Upgrade to Big Sur 11.2.1
Big Sur 11.2 isn’t the latest version since Apple recently released Big Sur 11.2.1.
Should you upgrade to it?
Well, it depends. The VPN/firewall security issue is already fixed in Big Sur 11.2. If that was your only concern, you can skip this update for now.
However, if you have a MacBook Pro model from 2016 or 2017, you might want to update to Big Sur 11.2.1. The new version apparently fixes a critical bug that prevented those MacBook Pro models from properly charging. Basically, the battery will now fully charge without any issues.
How to Find a Good Mac VPN
To find VPNs that work well with Macs, click here. They’re one of the biggest VPN review sites on the web, so their recommendations are reliable.
And here’s the good news – if for some reason you can’t or don’t want to update to Big Sur 11.2, that article will help you find VPNs that don’t leak your data.
But if you plan on doing that, you should definitely turn off parts of SIP (System Integrity Protection). That way, you can use old versions of Little Snitch (or other security tools) which Apple can’t force to compromise your data. This guide might be of help.
Was This a Mistake or Intended?
We’re leaning towards thinking it was a mistake on Apple’s part. It doesn’t really make sense for Apple to intentionally make it impossible to encrypt all network traffic with a VPN. Here’s why:
- Most companies that sell computers require them to have VPN support. We really doubt that Apple would want to lose that market share.
- Apple’s built-in VPN function actually works. Even if you’re using Big Sur 11, it will still fully encrypt your data.
The Bottom Line
If you keep using Big Sur 11 instead of 11.2, VPNs and firewalls won’t work correctly – they won’t encrypt all the traffic from Apple’s apps, and they won’t block all traffic either. All in all, it’s a huge security and privacy concern. So make sure you update to 11.2 ASAP. Also, only use reliable Mac VPNs (like ExpressVPN or NordVPN).