Why Aren’t All VPNs Affected by Big Sur?

The Big Sur update has been the topic of many heated debates since it first launched. Are the new features worth the compromised security? Did Apple intentionally put VPN users at risk? Was this just a slip-up because the dev team was too relaxed?

And most important of all – why are some VPN users able to continue browsing the web safely without being affected by the Big Sur security issue?

What’s Going on?

When Apple released Big Sur, it forgot to mention one thing – that it’s not safe for VPN and firewall users. Basically, the new update caused VPNs to leak data and allowed Mac apps to bypass firewall rules.

For example, let’s say you use a firewall to stop FaceTime from going online. After the Big Sur update, the app would be able to circumvent the firewall. Similarly, if you’d use a VPN to encrypt your FaceTime traffic, it would leak data. FaceTime would communicate with the Internet and Apple outside the encrypted VPN tunnel.

What does that mean for you? It’s simple:

• Cybercriminals could abuse security vulnerabilities in Apple’s apps to take over your device. The firewall can’t stop them from communicating with Mac apps and spamming them with malicious traffic.
• Hackers could eavesdrop on your traffic while using any of Apple’s 56 apps on the Mac. Since it’s not encrypted by the VPN anymore, they’d be able to steal sensitive data.
• Apple could still see your IP address and geo-location when you use their apps. That’s a pretty serious privacy violation.

And, apparently, the culprit is one simple key found in the NetworkExtension API. That key is called ContentFilterExclusionList, and you can find it in this directory:

/System/Library/Frameworks/NetworkExtension.framework/Versions/A/Resources

Why Doesn’t Big Sur Affect All VPNs?

It looks like it completely depends on how the VPNs are set up. As long as the VPNs don’t use the NetworkExtension APIs present on macOS, they should be fine. That way, the ContentFilterExclusionList key can’t force the VPNs to ignore native Mac apps.

Funny enough, it looks like the built-in VPN functions on macOS also worked well with Big Sur. If you used native macOS apps over a Mac VPN connection, there would be no data leaks.

Which VPNs Work Well on Mac?

It’s not easy finding a good Mac VPN that isn’t susceptible to the Big Sur privacy leaks. We have a solution, though – a comprehensive guide from a top VPN review site. According to ProPrivacy, these are the best VPNs for Mac:

• ExpressVPN
• NordVPN
• CyberGhost VPN
• PIA
• Surfshark
• VyprVPN
• IPVanish
• Ivacy
• ProtonVPN
• PrivateVPN

You can check out the article we linked above to read a quick hands-on review about each VPN provider. The lists all the notable features (security, speeds, kill switch, etc.). What’s more, they even reached out to some of the VPNs on the list, and received confirmations that their service works on Big Sur.

Should You Update to Big Sur Then?

Well, that’s entirely up to you. Big Sur has some pretty awesome features. Here’s a quick peek:

• Apple redesigned the icons to give them a cooler look.
• In-app sheets were redesigned, making it easier to focus on the content.
• Apple changed the Safari tab bar. Now, you can see more tabs at the same time.
• You get access to brand new widgets on the app store.
• The menu bar got a nice overhaul. It’s much easier to interact with it now.
• Safari got a performance boost. It was already quick, but now it’s even faster.

If you update, you just need to make sure you’re using a VPN and firewall that can bypass the Big Sur security issue. Or, you could just update to the latest version to get rid of that problem: Big Sur 11.2.1.

Does Big Sur 11.2.1 Fix the Security Issue?

Not exactly. Big Sur 11.2.1 is the latest version, but it only fixes one problem – a charging bug users experienced on Macbook Pro.

Basically, if you own a Macbook Pro from 2016 or 2017, Big Sur 11.2.1 will fix an issue that would prevent the battery from charging.

Okay, so why did we say that upgrading will fix the security flaw?

Well, because the previous update (Big 11.2) fixed the VPN and firewall issue. The update basically deactivated the ContentFilterExclusionList key, ensuring Mac apps can’t bypass VPNs and firewalls anymore. Besides that, Big Sur 11.2 fixed other problems too:

• It fixed a bug that caused any edits you made to Apple ProRAW images in the Photos apps to not save properly.
• It fixed a problem that caused the iCloud Drive to turn off if you selected the Desktop & Documents option.
• Big Sur 11.2 fixed an issue that prevented System Preferences from unlocking when you entered a password (yes, even if it was the right password).
• Finally, the update fixed a problem that caused external displays to show a black screen if you connected them to a M1 Mac mini through HDMI to DVI.

How to Upgrade to the Latest Big Sur Version

Running the update is really simple – just follow these six steps:

1. Click the Apple menu.
2. Pick the About this Mac option.
3. If it’s not opened, open the Overview tab.
4. Now, click Software Update.
5. Click Update Now, and wait for the update to download.
6. Follow the setup instructions to complete the installation.

If you’re updating from an older version, make sure you have enough space and a decent Internet connection. Normally, you need anywhere between 12 to 16 GB of free space. But if you’re upgrading from macOS Sierra (or later), you’ll need around 35.5 GB of space. And if you’re updating from an earlier release, you should have about 44.5 GB of space free.

Summary

Some VPNs work well on Big Sur because they don’t use the NetworkExtension APIs that cause security software (like VPNs and firewalls) to leak data. We’d still recommend upgrading to Big Sur 11.2 (and beyond) to get rid of this security flaw even if you’re using a VPN that works on Big Sur.