macOS Firewall Bug Exposes VPN Users to Data Leaks
Security analysts at Mullvad have identified instances where the macOS firewall malfunctions, disregarding established rules. This issue is particularly concerning for VPN users, whose traffic may leak following system updates.
Mullvad specialists point out that in some cases, the macOS firewall ceases to operate correctly. While most traffic continues to pass through the VPN tunnel as per the routing table, certain applications may bypass these settings, transmitting data outside the secure connection.
The issue even affects Apple’s own apps and services. According to Mullvad, the malfunction began with macOS version 14.6 and was addressed in the recent 15.1 beta release. The company has already notified Apple of the problem and hopes for a swift resolution.
The first method of detection is fairly straightforward. Users are advised to add a firewall rule blocking all outgoing traffic, then attempt to send a network request. If the request succeeds despite the blocking rule, this suggests a traffic leak bypassing the firewall.
The second method is more complex and involves testing a VPN application. Users must first ensure no active VPN connection. Then, they should identify the device’s primary network interface—whether Wi-Fi, Ethernet, or another type of connection. After connecting to a VPN server, the next step is to attempt to establish a connection with a remote server by sending requests through the original network interface. If responses are received despite the active VPN, it indicates a traffic leak. Mullvad has published detailed commands for these checks on its blog.
On the Hacker News forum, users are sharing additional issues encountered after macOS updates. Many report system settings resets, including firewall configurations, which can lead to more lenient rules and increased security risks.
Some users have also reported spontaneous application launches and audio/video content playing in browser tabs even before logging in. There are complaints of multiple applications starting automatically after updates, even if they were not previously opened, as well as the loss of configuration settings.
To mitigate risks, macOS users are advised to restart their devices after installing updates, as problems often arise during the first boot after a system update.
Cybernews has reached out to Apple for comments on the identified issues, but no response has been received so far.
