Warning: macOS Sequoia 15 may bypass DNS encryption
macOS Sequoia 15 has a bug allowing some DNS requests to bypass Little Snitch 6's encryption, affecting low-level legacy APIs. Firefox users may be particularly impacted, and a fix is pending.
Read original article
macOS Sequoia 15 has a bug that may allow some DNS requests to bypass the DNS encryption feature of Little Snitch 6, which is designed to protect users' internet browsing activities from being monitored. Normally, when a user enters a hostname, the DNS lookup is performed through a proxy registered by Little Snitch, ensuring that the requests are encrypted. However, it has been discovered that certain low-level legacy APIs are not sending requests through this proxy, resulting in unencrypted lookups being sent to the system's default name server. This issue is not limited to Little Snitch and may affect other third-party DNS proxies as well. While higher-level APIs, such as those used by Safari and Chrome, are not impacted, Firefox users may experience unencrypted lookups. The developers have reported this bug to Apple and are awaiting a fix in a future macOS update.
- macOS Sequoia 15 has a bug affecting DNS encryption in Little Snitch 6.
- Some DNS requests may bypass the DNS proxy, leading to unencrypted lookups.
- The issue affects low-level legacy APIs but not higher-level APIs like those in Safari and Chrome.
- Firefox users may be particularly affected by this bug.
- The developers have reported the issue to Apple and are seeking a resolution.
Related
Mac and Windows users infected by software updates delivered over hacked ISP
Hackers compromised an ISP to deliver malware to Windows and Mac users via software updates, affecting multiple applications. Users are advised to avoid insecure updates and use secure DNS protocols.
Apple memory holed its broken promise for an OCSP opt-out
Apple has not fulfilled its promise to provide an opt-out for OCSP checks in macOS, raising privacy concerns. Following macOS 14 Sonoma, it removed related documentation, prompting user skepticism.
macOS Sequoia makes it harder to run not notarized or signed apps
macOS Sequoia enhances security by restricting unsigned or unnotarized applications, removing the Control-click bypass option, and requiring users to adjust settings to allow such software execution.
Apple to Address '0.0.0.0' Security Vulnerability in Safari 18
Apple will address a security vulnerability in Safari 18 affecting macOS Sequoia, Sonoma, and Ventura, blocking malicious requests to the IP address 0.0.0.0, with an update expected later this year.
Little Snitch for Mac
Little Snitch is a macOS network monitoring tool that enhances privacy by allowing users to control internet connections, featuring Silent Mode, DNS encryption, and a 30-day free trial for testing.
3 commentsRelated
Mac and Windows users infected by software updates delivered over hacked ISP
Hackers compromised an ISP to deliver malware to Windows and Mac users via software updates, affecting multiple applications. Users are advised to avoid insecure updates and use secure DNS protocols.
Apple memory holed its broken promise for an OCSP opt-out
Apple has not fulfilled its promise to provide an opt-out for OCSP checks in macOS, raising privacy concerns. Following macOS 14 Sonoma, it removed related documentation, prompting user skepticism.
macOS Sequoia makes it harder to run not notarized or signed apps
macOS Sequoia enhances security by restricting unsigned or unnotarized applications, removing the Control-click bypass option, and requiring users to adjust settings to allow such software execution.
Apple to Address '0.0.0.0' Security Vulnerability in Safari 18
Apple will address a security vulnerability in Safari 18 affecting macOS Sequoia, Sonoma, and Ventura, blocking malicious requests to the IP address 0.0.0.0, with an update expected later this year.
Little Snitch for Mac
Little Snitch is a macOS network monitoring tool that enhances privacy by allowing users to control internet connections, featuring Silent Mode, DNS encryption, and a 30-day free trial for testing.