It appears the GM version of MacOS Sonoma has a critical flaw with its firewall and VPNs according to Mullvad, a very reputable VPN provider. I first noticed an issue with Mullvad on the beta 6, and then Mullvad recently released this blog post:
I'm about to downgrade from Sonoma for this reason. Why does Apple have such a history of not caring about VPN leaks?
The macOS 14 Sonoma betas and release candidate contain a bug that causes the firewall to not filter traffic correctly. As a result, our app does not work.
During the macOS 14 Sonoma beta period Apple introduced a bug in the macOS firewall, packet filter (PF). This bug prevents our app from working, and can result in leaks when some settings (e.g. local network sharing) are enabled. We cannot guarantee functionality or security for users on macOS 14, we have investigated this issue after the 6th beta was released and reported the bug to Apple. Unfortunately the bug is still present in later macOS 14 betas and the release candidate.
We have evaluated whether we can patch our VPN app in such a way that it works and keeps users secure in macOS 14. But unfortunately there is no good solution, as far as we can tell. We believe the firewall bugs must be fixed by Apple.
The bug affects much more than just the Mullvad VPN app. Firewall rules do not get applied properly to network traffic, and traffic that is not supposed to be allowed is allowed. We deem this to be a critical flaw in the firewall, anyone relying on PF filtering, or apps using it in the background on their macOS devices should be cautious about upgrading to macOS 14.
Bug in macOS 14 Sonoma prevents our app from working
The macOS 14 Sonoma betas and release candidate contain a bug that causes the firewall to not filter traffic correctly. As a result, our app does not work.
mullvad.net
I'm about to downgrade from Sonoma for this reason. Why does Apple have such a history of not caring about VPN leaks?
Last edited: