UPDATE- November 14th
Originally Published on October 20th
Some default Apple apps on macOS Big Sur, which remains in beta, bypasses any network firewall or VPN connection a user has connected. The behavior was first spotted by Twitter user @mxswd and is more thoroughly explained by security researcher Patrik Wardle.
According to Patrick on older versions of macOS a firewall could be setup using the Network Kernal Extension, but on macOS Big Sur, Apple has deprecated the extension which allows for “many” of their apps to bypass the firewall. Patrick provides two macOS Big Sur firewall examples, Lulu and Little Snitch.
In a test it shows that regardless of changing firewall rules, incoming and outgoing connections, and enabling “deny mode”, the Mac App Store still ignores the firewall and passes through the connection, completely ignoring it. This behavior is alarming, however, how widespread it is and what apps exactly bypass through the connections are unknown.
It is fully possible that this is a bug given macOS Big Sur still remains in beta with an unofficial launch date. It’s likely that these tests were conducted on the latest beta, and could be patched in the upcoming beta given the widespread attention it’s gathered online. If it isn’t patched, then it seems to be a deliberate move by Apple to not allow its own apps to bypass through VPN and firewall connections.