What's new in this version:
Rule Group Subscriptions:
- Rule Groups are sets of rules that anyone can create and publish on their web server for others to subscribe to. Whenever changes to the rules are made by the publisher, subscribers receive these changes.
- This is useful for providing automatically updating blocklists, distributing a common set of rules to multiple computers in a corporate network, or for app developers who want to provide a set of rules to their customers to make it work seamlessly with Little Snitch.
- To let you test this feature we provide an example rule group. To subscribe to this group, open Little Snitch Configuration, choose New Rule Group Subscription from the File menu, and enter the following URL: https://obdev.at/resources/littlesnitch/blocklist-example.lsrules.
- You can find more information about subscribing and publishing in the documentation chapter Rule group subscriptions.
Other New Features and Improvements:
- Improved display of inactive rules in Little Snitch Configuration. If a rule is inactive for whatever reason — either if it’s not enabled, if it’s part of a profile that’s currently not activated, if it’s in a rule group that’s currently not activated, or if the entire network filter is turned off — the rule is now consistently displayed with a gray text color.
- Focus Mode: Little Snitch Configuration has a new mode that allows you to focus on a specific subset of rules. Selecting one or more rules and then choosing Focus on Selected Rules or Focus on Rules Affecting Selection from the View menu will focus on just the rules you want to see, while leaving the search field free for further filtering. Focus Mode is also used for revealing matching rules from the connection alert or Network Monitor (e.g. by right-clicking a connection and choosing Show Corresponding Rules).
- The rule groups “iCloud Services” and “macOS Services” (previously named “Managed Rules”) can now be activated and deactivated using a checkbox next to their name in Little Snitch Configuration’s left sidebar (previously, these checkboxes could be found in the preferences window). This allows you to see what rules these sets contain before activating them.
- Profiles can now be activated and deactivated in Little Snitch Configuration’s left sidebar using a checkbox next to the profile.
- The special “Code Signature Issue Override Rules” that Little Snitch creates under certain circumstances can now be edited in Little Snitch Configuration just like normal rules. This should make it less confusing to deal with situations where an application is reported to have no valid code signature. See Code signature issues > Special Code Signature Issue Override Rules for more details.
- Connection alerts for applications that have an issue with their code signature now include direct links to the relevant section of the online documentation. The relevant chapter Code signature issues has been extended to provide much more details and examples for how Little Snitch behaves when an application without a valid code signature tries to establish a connection.
- Added support for the current version of the QUIC protocol. This fixes an issue with connections from Google Chrome, where the connection alert only showed the IP address instead of the hostname under some circumstances.
- In addition to checking that an application’s code signature is valid, Little Snitch now also checks the code signing certificate that was used to create the signature. Only certificates that were issued by Apple are currently accepted.
- Improved Little Snitch Installer to prevent malicious software from hijacking the installation procedure. Credit to Patrick Wardle (Synack, Inc.) for discovering this possibility.
- Many more minor improvements.
- Fixed an issue where some components of Little Snitch would only verify the code signature of the 64 bit slice of a fat binary when performing a code signature check, ignoring the 32 bit slice. With a maliciously crafted binary, this could lead to Little Snitch Configuration and Network Monitor to show that the code signature was valid, while the running process could have a non-valid code signature. Note that this did not affect what connections were allowed or denied. Credit to Josh Pitts (Okta, Inc.) for discovering this issue. For more details, read Josh’s blog post.
- Fixed an issue where a connection alert could sometimes be shown despite an existing rule that allowed the connection. We observed this mainly with Google Chrome.
- Fixed an issue in “Silent Mode – Deny Connections” where incoming TPC connections would sometimes be denied despite an existing rule that allowed the connection.
- Fixed issues with Automatic Profile Switching when joining a new, yet unknown network.
- Fixed an issue in the connection alert in conjunction with terminated processes when the “Confirm connection alert automatically” preferences option was turned on.
- Fixed an issue causing VPN connections to be wrongly considered as local network connections due to an incorrect netmask of the P2P interface set by the IPSec client of macOS.
- Fixed an issue causing the connection alert to repeatedly switch between different, pending connection attempts.
- Fixed multiple issues that could lead to a Code Signature Alert showing an internal error. These alerts should be gone now for universal apps running in 32-bit mode and for Java apps.
- Fixed an issue where a connection alert could disappear when the connecting process terminates.
- Many more minor bug fixes.
- This version does not support the developer preview of macOS Mojave (10.14). Use the latest Little Snitch 4.1 Nightly Build.