
224 points chmaynard | 1 comments
lapcat No.42136194
See also yesterday's "Apple’s built-in macOS firewall breaks third-party firewalls" https://obdev.at/blog/apples-built-in-macos-firewall-breaks-...
1. crest No.42146493
AFAIK the macOS port of OpenBSD's pf firewall is the only firewall used by both Apple's system settings and obdev's Little Snitch. They're both GUI frontends to the same backend, but Apple supposedly also added internal "escape hatches" to their PF port because they couldn't be arsed to write/generate a proper ruleset with anchors to hook into.

The cynic in me assumes it's just teams from different silos trampling over each other in a shared code base. Given Apple's obsession with leak prevention, they're probably prohibited by NDA from talking to each other.