Secplicity - Security Simplified

Powered by WatchGuard Technologies

Concerns Over Apple’s New Privacy and Security Decisions with Big Sur

December 10, 2020 By Josh Stuifbergen

Apple is a very polished company, both in how it designs and how it advertises its products. The latest macOS release, Big Sur, however, was anything but smooth. This can be partially attributed to Apple’s decision to use the Online Certificate Status Protocol (OCSP) for certificate validation and certificate revocation tracking. The issue was not only that OCSP was used, but that the querying intervals were too short, producing a deluge of OCSP responder calls to the ‘ocsp.apple.com’ server. The real “meat” of the OS rollout mishap came from a user’s discovery that the application certificate verification process revealed a significant amount of private data.

Jeff Johnson and others revealed that OCSP queries were used to verify certificate revocation for third-party applications. This process sent unencrypted data to Apple, such as the Internet Protocol (IP) address, date, city, Internet Service Provider (ISP), and the application hash, each time an application was opened. This meant information that some would consider personal, such as which applications they use, was being leaked to users’ ISPs. Checking applications’ hashes to ensure their integrity is standard practice and considered good security. What is less standard is how this data is transported between macOS devices running Big Sur and the servers checking the hash integrity. One might consider it a burdensome process to encrypt each OCSP query, but the alternative is a disappointing level of privacy.
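To make concrete what a plaintext OCSP lookup exposes on the wire, here is an added example (not code from this article, from Apple, or from the researchers named above) that builds a standard RFC 6960 OCSP request with a small DER encoder and then reads it back the way a passive network observer would. The issuer bytes, the serial number and the KNOWN_CERTS table are constructed placeholders; the point is that the CertID fields (issuer name hash, issuer key hash, certificate serial) are readable by anyone on the path, and a table of which certificate signs which software turns them into the identity of the application being launched.

```python
import hashlib

# Constructed stand-ins for the signing certificate's issuer Name and public key DER (not real Apple data).
ISSUER_NAME_DER = b"\x30\x0c\x31\x0a\x30\x08\x06\x03\x55\x04\x03\x0c\x01\x58"
ISSUER_KEY_DER = bytes(range(64))
SHA1_OID = bytes.fromhex("2b0e03021a")  # 1.3.14.3.2.26 (sha1)

def der(tag, body):
    """Encode one DER TLV (short or long length form)."""
    n = len(body)
    k = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + length + body

def der_int(value):
    # The extra byte keeps the sign bit clear so the INTEGER stays positive.
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def build_ocsp_request(issuer_name_der, issuer_key_der, serial):
    """Unsigned OCSPRequest (RFC 6960) carrying a single CertID and no extensions."""
    cert_id = der(0x30, der(0x30, der(0x06, SHA1_OID) + der(0x05, b""))  # hashAlgorithm: sha1
                  + der(0x04, hashlib.sha1(issuer_name_der).digest())    # issuerNameHash
                  + der(0x04, hashlib.sha1(issuer_key_der).digest())     # issuerKeyHash
                  + der_int(serial))                                     # serialNumber
    # OCSPRequest { tbsRequest { requestList { Request { reqCert CertID } } } }
    return der(0x30, der(0x30, der(0x30, der(0x30, cert_id))))

def read_tlv(buf, pos=0):
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: the low 7 bits say how many length bytes follow
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def observe_plaintext_request(raw):
    """Fields a passive observer reads from an OCSP request sent over plain HTTP."""
    for _ in range(5):  # OCSPRequest -> tbsRequest -> requestList -> Request -> CertID
        _, raw, _ = read_tlv(raw)
    fields, pos = [], 0
    while pos < len(raw):
        _, value, pos = read_tlv(raw, pos)
        fields.append(value)
    return {"issuerNameHash": fields[1].hex(), "issuerKeyHash": fields[2].hex(),
            "serialNumber": int.from_bytes(fields[3], "big")}

# Constructed lookup: knowing which certificate signs which software maps (issuerKeyHash, serial) to an app.
KNOWN_CERTS = {(hashlib.sha1(ISSUER_KEY_DER).hexdigest(), 4660): "Example Developer App"}

def demo(serial=4660):
    seen = observe_plaintext_request(build_ocsp_request(ISSUER_NAME_DER, ISSUER_KEY_DER, serial))
    seen["identified_as"] = KNOWN_CERTS.get((seen["issuerKeyHash"], seen["serialNumber"]))
    return seen
```

Carrying the same request over HTTPS would hide the CertID from the network path and the ISP, though not from the responder itself.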

The transition from Catalina to Big Sur included another big overhaul of Apple’s security framework. Apple phased out Network Kernel Extensions and transitioned to its new Network Extension API. The developers of Little Snitch and others in the security community noticed that Apple’s new API not only whitelisted many Apple services (as is normal for certain core services) but also hid this traffic from third-party firewalls. This meant Apple services like Apple Maps would deliver data to Apple hidden behind the cover of the API. A basic expectation of a firewall is that it sees all traffic going in and out of a device, regardless of whether you can control the data being transmitted. This raises the security concern that attackers may find ways to tunnel traffic through an Apple service to slip past a third-party firewall undetected.

These security concerns have been magnified by the fumbled Big Sur rollout. Apple has already acknowledged some of what it needs to improve. This has started a conversation in the tech community about the privacy and transparency customers should expect from a company.

Filed Under: Editorial Articles Tagged With: Big Sur, macOS, OSCP, privacy
