Release Notes

• Added compatibility with macOS 10.12 Sierra.
• Further improved Fast User Switching support.

• Fixed a critical bug that makes it possible for potential attackers to circumvent the Little Snitch network filter. Credit to @osxreverser for discovering this issue.
• Added IKEv2 VPN support to Automatic Profile Switching detection.
• Fixed: Under rare circumstances Fast User Switching caused all connections without rules to be silently denied without showing a connection alert.
• Fixed an issue causing connection alerts triggered by an “ask” rule to sometimes produce rules with “Until Quit” instead of “Once” lifetime.
• Fixed a rare crash when searching for rules or suggestions in Little Snitch Configuration.
• Other bugfixes and improvements.

• Fixed a bug causing Little Snitch Uninstaller to crash.

• Fixed a critical security vulnerability that makes it possible for malicious software to run arbitrary code at the kernel level. Credit to Patrick Wardle (Synack, Inc.) for discovering this issue.
• Fixed an incompatibility of the Little Snitch Installer with some older OS X versions.
• Fixed a memory leak in Little Snitch Configuration.
• Fixed a crash in Little Snitch Configuration that could occur when creating a Diagnostics Report.
• Fixed an issue that could cause the Connection Alert to become unresponsive to user interaction.
• Improved Installer to reliably terminate Little Snitch Configuration during installation.
• Fixed an issue when turning off Silent Mode causing connection alerts for terminated processes to appear.

• Fixed a bug which caused a kernel panic on some OS X El Capitan installations.
• Fixed a bug related to iOS Simulator apps where tvOS apps in the simulator would not show connection alerts and would lead to a crash in Little Snitch Configuration and Network Monitor.
• Fixed a bug which caused Until Quit rules to remain active after quitting the related application.

• Little Snitch 3.6 is ready for OS X El Capitan.
• Added support for watchOS and tvOS simulator apps.
• Other improvements and bugfixes.

• Significantly reduced CPU load of Little Snitch menu bar item.
• Improved searching for denied connections in Network Monitor.
• Improved compatibility with OS X 10.10.4.
• Fixed: Menu bar item sometimes got stuck in highlight mode.
• Fixed: Editing of multiple rule selections didn’t work in certain cases.
• Other stability improvements and bug fixes.

• Refined some icons to better match the look of OS X Yosemite.
• When using OS X Mavericks (10.9) or later, Little Snitch Agent, Network Monitor, and Configuration should not cause the discrete GPU (“High Performance GPU”) to be activated anymore, especially on Mid 2010 MacBook Pro.
• Fixed: In Little Snitch Configuration, when pressing ⌫ while no rule was selected, the last rule was selected.
• Fixed spontaneous horizontal scrolling of text in the Connection Inspector window of Network Monitor.
• Fixed: Closing the Connection Inspector window did not preserve its position on screen.

• Refined appearance in configuration UI to better match the look of OS X Yosemite.
• Improved user experience when a connection attempt was automatically confirmed after a timeout.
• Fixed an issue causing a first time installation of Little Snitch to hang under rare circumstances when attempting to restart the computer.
• Fixed a bug introduced in Little Snitch 3.5 causing “Until Quit” rules to remain enabled after the process quit.
• Fixed an issue in Network Monitor causing the destination of a connection to be wrongly shown as "0 Servers".
• Improved compatibility with Xcode Server.

• Greatly improved support for iOS Simulator apps in Connection Alerts, Network Monitor and Configuration. Read our blog post for details on how iOS Simulator apps are now handled in Little Snitch.
• Added support for showing iOS App Extension icons.
• Improved handling of via connections:
  • Connection alerts now show a cancel button if either the parent or the via process is terminated.
  • Until Quit rules are now valid until both the parent process and via process have terminated.
• OS X Yosemite changed how incoming ssh connections are handled. Incoming connections are no longer handled by sshd directly but instead by launchd. On OS X Yosemite, this version of Little Snitch automatically converts existing rules to ensure incoming SSH connections work as expected.
• Little Snitch menu bar item no longer occupies space when disabled.
• Fixed: The process owner in Network Monitor Snapshots was “root” instead of the actual user in many cases. Snapshots now store the user’s names and show them correctly.
• Software update checks are now using HTTPS. We will gradually enable HTTPS for all other connections to our servers in the near future.

• Fixed: Connection alert occasionally no longer appears after using the Research Assistant.
• Updating Little Snitch prior to upgrading to OS X Yosemite is recommended.

• Fixed an issue where the connection alert wasn’t responsive during OS X updates. Updating Little Snitch prior to updating to OS X Yosemite is recommended.
• Improved “Repair Path” functionality and added a “Repair” button when showing “Invalid Rules” suggestions.
• Improved Automatic Profile Switching by adding support for latest versions of OpenVPN.

• Added support for OS X Yosemite.
• Improved support for server processes (like AppleFileServer, httpd, smbd, and more).
• Improved detection and handling of OpenVPN connections.
• Improved handling of terminated processes in connection alerts.
• Improved display of TCP connection states in Network Monitor.
• Improved detection of corresponding rules in Network Monitor.
• Improved indication of incoming and outgoing connections in Network Monitor.
• New search scope for incoming and outgoing connections in Network Monitor.
• Fixed rare installer crash caused by wrong file system permissions.
• Fixed a rare kernel panic.
• Minor bugfixes and improvements.

• Removed leftover Network Monitor logging message.

• Fixed rare installer crash caused by wrong file system permissions.
• Fixed a bug causing Little Snitch Configuration to crash on Mac OS X 10.6 and Mac OS X 10.7.

• Improved dealing with large amount of silent mode suggestions.
• Improved Little Snitch Configuration sidebar: Added explanatory texts.
• Little Snitch Network Monitor Inspector performance improvements.
• Little Snitch Network Monitor respects “Reopen windows when logging back in” option now.
• Improved handling of certain VPN connections.
• Improved window positioning of Little Snitch Monitor.
• Improved validation of profile names.
• Improved iOS Simulator support.
• Host- and domain rules now have priority over local network rules.
• Installer detects Little Snitch Configuration in locations other than /Application and performs update accordingly.
• Fixed VPN related kernel panic.
• Fixed Little Snitch Installer bug.
• Fixed issues causing Little Snitch Network Monitor not to appear in multiple screen environments.
• Fixed an issue causing Little Snitch Network Monitor to disappear when dragged on another screen on OS X 10.9.
• Fixed an issue where Little Snitch Agent appeared to have crashed.
• Fixed an OS X 10.6 related drawing bug in Little Snitch Configuration sidebar.
• Minor bugfixes and improvements.

• Little Snitch is now compatible with OS X Mavericks.
• Added a welcome window to Little Snitch Configuration to help you get started (shown automatically after updating).
• Instead of some alerts, notifications are shown in notification center.
• The Network Monitor window can now be dragged to a screen that lies above a screen with a menu bar.
• Improved filtering behavior during system startup.
• Improved Profile Switching Alert behavior.
• Improved Network Monitor window positioning on multiple display setups.
• Fixed an issue causing Little Snitch to display IP addresses instead of the actual hostnames.
• Fixed an issue where a Network Monitor document couldn’t be saved from the closing dialog.
• Fixed a rare hang in conjunction with certain screen savers.
• Copy/paste of rules now preserves process-owner attribute.
• Other bugfixes and improvements.

• Improved default selection of hostname in connection alerts.
• Fixed an issue which caused the connection alert to display IP addresses instead of hostnames with certain VPN configurations.
• Minor other bugfixes and improvements.

• Automatic Profile Switching

  This new feature allows you to assign networks (for example your Wi-Fi network at home, a public hotspot, etc.) to certain profiles. Whenever you join one of these networks, Little Snitch detects the network change and switches to the associated profile automatically.

  When you join a network for the first time, Little Snitch shows an alert window allowing you to choose the desired profile. Alternatively you can configure a default profile that will be used for all unknown networks.

  The mappings between profiles and networks can be reviewed and edited later in Little Snitch Configuration, either in the profiles section of the sidebar, or in the new “Known Networks” window (⇧⌘K).

  Automatic Profile Switching is off by default. To use it, it must be enabled in Little Snitch Configuration > Preferences > Automatic Profile Switching.

• In the menu bar item “Silent Mode” and “Start/Stop Network Filter” entries are now hidden if “Allow Preferences Editing” is disabled.
• Improved “Restore Factory Defaults” feature.
• Updated help section to reflect changes mentioned above.
• Fixed a bug which caused a kernel panic in some rare cases.
• Minor other bugfixes and improvements.

• Improved detection of invalid domain names.
• Improved IP Address range detection.
• Improved Ruleset Analyzer.
• Improved search filter behavior in Little Snitch Configuration.
• Reduced CPU load in Silent Mode.
• Performance improvements of kernel extension.
• Fixed: Restoring of factory rules on restart.

• Added rule backup functionality (Rules > Backup…)
• Import of unsuitable backup files is no longer possible.
• Installer now repairs filesystem permissions if necessary.
• Pressing cancel in the connection alert window now cancels all connection attempts for terminated processes.
• Improved alert timeout behavior.
• Improved handling of DashboardClient application.
• Improved detection of Unix executables.
• Fixed an issue which caused an “Internal communication error” message.
• Fixed an issue where preference settings were non-persistent.
• Fixed an issue which caused missing traffic indication in menu bar item.
• Fixed a rare kernel panic.
• Removed obsolete help pages.
• Various other bug fixes and improvements.

• New Preference setting to limit number of total connections in Network Monitor.
• Redesigned visualization of Connection Alert timeout.
• Simplified Alert: Adaptive window width.
• Improves sorting by precedence in Little Snitch Configuration.
• Improves detection of Java applications.
• Improves Little Snitch 2 ruleset import.
• Bugfixes and performance improvements regarding the ruleset analysis.
• Fixes an issue which caused system hangs in combination with JollysFastVNC.
• Fixes an issue which caused recurring connection alerts.
• Fixes an issue with table background drawing on retina displays.
• Fixes an issue which produced redundant factory rules.
• Fixes an issue to prevent Little Snitch Agent crashes.
• Various other bug fixes and improvements.

• Rules can now be created by dragging applications on Little Snitch Configuration’s dock icon or on Little Snitch’s status menu item.
• Installer / Uninstaller now offers a retry button if the installation / uninstallation failed.
• Network Monitor Snapshots are now displayed without traffic meters and with server names in gray.
• If the “via” executable of a rule does not exist, the rule is now indicated as invalid.
• Improved generation of notes text for automatically created rules and suggestions.
• Improved notes text for factory rules
• Improved installer error reporting if updating boot caches fails.
• Changed preferences options beginning with “prevent” into their “allow” counterparts.
• Fixed several bugs in detection of redundant rules (e.g. subdomains covered by domain rule).
• Fixed a bug where the Network Monitor window could be off screen.
• Various other bug fixes and improvements.

Overview

• Brand new Network Monitor
• Firewall for incoming connections
• Profiles
• Silent Mode
• Simplified Connection Alert
• Research Assistant for connection attempts
• Redesigned Configuration Interface
• Ruleset Analyzer and sorting by precedence
• Rule Suggestions
• Domain based rules via Connection Alert
• More powerful rules (ask-option, time limits, multiple destinations)
• Improved menu bar item
• Optimized for MacBook Pro with Retina display
• New app icon designed by The Iconfactory

Network Monitor

• Get an overview of network traffic
• Traffic Diagram
  • Visual representation of traffic amounts over time.
  • Highlighting of system events (application launched, application terminated, computer sleep, …)
  • Display data rates on logarithmic or linear scale.
  • Zoom into time ranges of choice.
  • Supports multi-touch gestures for scrolling and zooming.
  • Selecting in the traffic view causes connection list to only show applications that where active (caused traffic) during that time.
• Powerful sorting options (last activity, total traffic amount, process name, server name, …)
• Save snapshots to investigate connection details at any later point of time.
• Capture traffic of certain applications as .pcap file to open it with packet analyzer tools (such as Wireshark or Cocoa Packet Analyzer).
• Easily create rules from context menu.
• Show denied connection attempts.
• List other hostnames resolving to same IP address.
• Highlight corresponding rule in Configuration to find out which rule was responsible for allowing / denying this connection.
• Search Field Tokens – Use keywords (process, server, host, ip, protocol, port or status) to filter your connection list.
• Network Monitor Inspector.
  • Further details of selected connection entries.
  • Displays information about the process, server identification (hostnames, IP address), connection statistics (ports, traffic amounts, time of first / last activity, …).
  • Connection inspector now shows all information suitable for a search in the connection list as roll-over button so that a search can be started simply by clicking.

Connection Alerts

• Simplified Connection Alert – choose your preferred level of detail.
• More versatile temporary rules: Until Quit, Until Logout, Until Restart, For [n] Minutes, etc.
• Creation of domain rules.
• Select other hostnames resolving to same IP address to create a rule for.

Research Assistant

• New Research Assistant for Connections. Little Snitch’s Connection Alert now has a help button. Clicking the button triggers a query to the Research Assistant Database (maintained by Objective Development) and displays information about the current connection attempt.
• Users can improve the information returned by submitting feedback directly from the Connection Alert. This data is sent anonymously and will be reviewed by Objective Development.

Configuration

• Powerful new interface.
• Manage profiles
  • Create or delete profiles.
  • Easily add rules to profiles via Drag&Drop.
  • Enable profiles by double-clicking on a profile in the sidebar.
• Sidebar including
  • Rule Filters (Last 24 Hours, Temporary Rules, Unapproved Rules, …)
  • Rule Suggestions.
  • Profiles.
• Ruleset Analysis
  • Detection of redundant rules.
  • Highlighting of redundant / covered rules, to easily see which rules are obsolete.
• Sort list of rules by process name, rule precedence or creation date.
• Improved search
  • Narrow search scope to process, rule, enclosing folders, bundle identifier, notes.
  • Search results now include related rules as well.
• Backups of rule archives (e.g. Time Machine) can be restored via Little Snitch Configuration.
• Fullscreen support.

Suggestions

• Little Snitch offers rule suggestions based on Silent Mode connections, former, already expired temporary rules, login connections and more.
• Rule suggestions can easily be converted into permanent rules.
• Rule suggestions can be grouped by their common properties (process, port, host, domain) – Easily create rules that cover most typical connections for certain processes.

Menu Bar Item

• Revised Design.
• Monochrome or colored Icon.
• Optionally displays current data rates as numerical values.
• Access to important settings.
• Switch between Profiles quickly.
• Enable or disable Silent Mode quickly.

Further Improvements

• In order to support multiple simultaneous logins, processes are distinguished by the user account that started the process. Rules can be created so that they apply to processes running on behalf of the current user, on behalf of a system account such as root, or on behalf of any account.
• When no user is logged in, all connections which are not covered by an existing rule are automatically denied. Rule suggestions are created for these connections and can be reviewed in Little Snitch Configuration.
• If you can’t login without network access (e.g. network accounts), the system can be restarted in Permissive Mode where all connections are allowed before the first user logs in. Allow-rules are automatically created so that future logins succeed. Permissive mode is also used during the first restart after installation, but not after upgrades.
• All components are code-signed.

Changes since Release Candidate (3871)

• Help is now available for Little Snitch.
• Fixed an issue where Ask-Rules could cause a Connection Alert to be shown even in Silent Mode.
• Fixed a bug where the Connection Alert wrongly indicated that the process terminated.
• Fixed an issue where rules created from the Connection Alert were for process owner “System” instead of the current user.
• Connection Alert now honors modifier keys that were held before the alert was shown.
• Fixed unexpected change of filter scope when creating rules from rule suggestions.
• Fixed potential crash of Little Snitch Network Monitor when deleting connections from the list.
• Little Snitch Network Monitor can now be activated with LaunchBar. Simply add /Library/Little Snitch/Little Snitch Network Monitor.app to LaunchBar’s index.