Security IT

Apple's New macOS Sequoia Update Breaking Major Security Tools (techcrunch.com) 44

Apple's latest macOS 15 "Sequoia" update, released earlier this week, has disrupted security tools from major providers including CrowdStrike, SentinelOne, and Microsoft, according to reports. The extent and cause of the disruption remain unclear.

  • Details (Score:4, Interesting)

    by ThosLives ( 686517 ) on Thursday September 19, 2024 @02:05PM (#64800445) Journal

    The media articles are light on information. Are these issues that weren't in the preview releases, but only originated at the official release? This is the only way I'd put it on Apple.

    If the changes were in the preview releases, what were these companies doing with those releases?

    • Re:Details (Score:5, Insightful)

      by 605dave ( 722736 ) on Thursday September 19, 2024 @02:09PM (#64800463) Homepage

      Same question. As a dev I have been running the beta since its release. Did no one check for compatibility? Seems like a system change that would affect these services would not be something new in the RC.

      • by Z00L00K ( 682162 )

        Given the recent events caused by Crowdstrike I'm not surprised that Apple no longer allows others into the inner workings of the operating system.

        • Re:Details (Score:5, Insightful)

          by guruevi ( 827432 ) on Thursday September 19, 2024 @02:24PM (#64800537)

          Apple announced that change 5 years ago when it released Catalina. You couldn't get any of those tools automatically deployed in the last 2 versions of macOS without putting specific commands in an MDM, so they just sat and waited until now. Basically if you have problems with Sequoia, you are exposing that your products are not being actively developed anymore.

        • Given the recent events caused by Crowdstrike I'm not surprised that Apple no longer allows others into the inner workings of the operating system.

          This has nothing to do with "recent events". "Recent events" do not cause massive breaking updates to be pushed out to OSes (that's known as a cure worse than a disease). Apple have been reworking the network stack for MacOS 15 for nearly a year now, not only that Apple confirmed that Crowdstrike's implementation in MacOS wasn't capable of causing the issue they saw on Windows - so that alone was irrelevant for them.

        • by tlhIngan ( 30335 )

          Given the recent events caused by Crowdstrike I'm not surprised that Apple no longer allows others into the inner workings of the operating system.

          No, Apple closed off kernel mode development many releases ago. They still have DriverKit and such so you can write a driver for your device, but it's not run inside the kernel - only Apple code runs in kernel mode. For security software, there are hooks you can use to do things without kernel mode as well.

          Surprisingly, macOS was not one of the OSes affected by C

      • Re: (Score:3, Informative)

        by guruevi ( 827432 )

        People at CrowdStrike, lol, no. They still haven't released official support for Ubuntu 24 or RHEL 9.4, they want us to stick to 9.2 which will be legacy in a few months for integration with our other security products.

        Mac and Linux are not "first class citizens" in any security product. At least both of those OS allow me to limit their interaction with my files.

      • As a dev I have been running the beta since its release. Did no one check for compatibility?

        In their defense, Apple will make changes in different versions of the betas. So it could be that everything was fine until early September. Heck, I remember a change being made between the last beta and GA that hosed us...

      • Did no one check for compatibility?

        If they can't be arsed to inspect a text file feeding a kernel module (re: Crowdstrike), what makes you think they would even think of checking for compatibility prior to release of a new kernel? Upper management is high on champagne and Xanax.

    • by guruevi ( 827432 )

      If you were in the preview, you got notifications that those apps wouldn't be working anymore. You actually got warnings ... in CATALINA 5 years ago, that the equivalent of a "kernel driver" in Windows (kernel extensions) would be deprecated.

      • This has nothing to do with your 5 year old warning. That kernel driver got deprecated long ago and isn't used (Apple even confirmed in July that Crowdstrike do not use any kind of kernel level access in MacOS and that the outage which occurred on Windows can't happen on Mac). Apple reworked the network stack and security APIs in MacOS and a few companies are slow to roll out updates.

  • The only thing that changed with it was it requested access to scan the local network. Which I denied. It still works fine.

  • by awwshit ( 6214476 ) on Thursday September 19, 2024 @02:15PM (#64800497)

    We'll break your software before you can break ours!

  • by Guyle ( 79593 ) on Thursday September 19, 2024 @02:16PM (#64800499)

    They said they weren't ready to support macOS Sequoia yet and to wait to deploy until they were ready. This is because Apple often makes last minute changes from the last beta to general release and they need time to sort things out. Apologies, can't link to the source because it's behind a CrowdStrike login.

    • So they said that Apple often make changes rather than they actually made a change?

      If Apple are in the wrong, they should come out and say it publicly instead of hiding it behind a login. Why would they let people question their integrity by not stating this?

      • Because you're not a customer? Besides, macos isn't an enterprise product. It's a consumer OS. Meant for consumers only, not businesses. Nothing necessarily wrong with that, but if you're a business using macos then you should already expect shit like this to happen.

        • Meant for consumers only, not businesses.

          lol

          Do Linux is for hobbyists only next, good grief.

          • Linux is a kernel. If you want distros suitable for enterprise use, including ones that backport fixes to older versions for compatibility, many exist. In fact, have you heard of centos? It has one particular set of users in mind, as does its commercial counterpart, rhel. Care to guess who those users are?

        • Har Har Har Har, this is officially now the biggest nonsense, you ever said.

          There are most certainly more business Macs in the wild than consumer Macs.

        • Because you're not a customer? Besides, macos isn't an enterprise product. It's a consumer OS. Meant for consumers only, not businesses. Nothing necessarily wrong with that, but if you're a business using macos then you should already expect shit like this to happen.

          How do you figure macOS isn’t an enterprise product. Do you have anything to back up your argument, or is this just your insecurities speaking?

          • No, just experience working with them in an enterprise setting.

            I've had at least four macos updates break displaylink. Though the fact that they require displaylink if you want more than two monitors should tell you enough -- you know your OS sucks when even open source OSes support DP MST and yours doesn't.

            Out of nowhere they'll just change the middleware, even within minor OS updates. Take for example the move from openssh 8 to openssh 9, which broke RSA auth with older linux systems running still support

        • Weird: I've been Mac only at work since 2010. We develop cross platform SDKs and it's a fabulous platform for that, especially if you have to support any Apple platform. Every day for 14 years, I've been grateful I'm no longer on Windows or have to deal with any of the BS and wasted time my Windows based colleagues have to.

  • by Shag ( 3737 ) on Thursday September 19, 2024 @02:18PM (#64800507) Journal

    Would these be the security tools that you can install all of on a machine and let them fight it out? The ones that report each other as malware? (Sometimes, the ones from Microsoft that report other ones from Microsoft as malware?) I think I'll wait for more details about whose fault this actually is.

    • Would these be the security tools that you can install all of on a machine and let them fight it out? The ones that report each other as malware? (Sometimes, the ones from Microsoft that report other ones from Microsoft as malware?) I think I'll wait for more details about whose fault this actually is.

      I'm pretty sure that, unless it's a dire emergency, Apple gives long advance notice for API changes, especially "breaking" ones. That has been their practice for decades, and I don't see that changing much in recent years.

    • (Sometimes, the ones from Microsoft that report other ones from Microsoft as malware?)

      Well, they aren't wrong, thou knowest!

  • This article should just read "Many fools think they can cross their fingers and upgrade their Mac to the next major macOS release version without testing all of their critical or risky software/drivers first." EITHER DO THE TESTING OR WAIT FOR YOUR VENDORS TO RELEASE COMPATIBLE VERSIONS IN THE MERE WEEK OR TWO AFTER THE MACOS RELEASE!!! Many vendors actually get their compatible release out BEFORE the OS drops...you just have to install it before you upgrade!!

  • by RogueWarrior65 ( 678876 ) on Thursday September 19, 2024 @03:37PM (#64800797)

    Up more than $8 a share today. Good things happen when you get rid of the barnacles.

  • IMHO, macOS 15 was one of the better versions I've seen. iOS was a painless upgrade, pretty much almost an update, and macOS is similar. All my stuff continues to work, even oddball stuff like Arq Backup.

    It isn't like this is doable. Even though standalone consumer Macs don't need AV/EDR/XDR/MDR, I still use Malwarebytes, if only as a signature scanner. Malwarebytes works and works well, with zero issues. I'm sure a decently engineered MDR, even though it is a heavyweight [1] can work just as well. It

  • What security tools are needed on a Mac ?? From the linked article: Slack reported having issues with Microsoft Defender for macOS. Now why in the hell would you want to be using Microsoft Defender for macOS to start with ???? CrowdStrike, SentinelOne, Microsoft, and others need to update their apps for the new update, any update, Windows or Macs !!! This is nothing new after an update !! Patrick Wardle, the founder of Mac and iOS security startup DoubleYou, and a longtime expert on macOS securit
    • You use Microsoft Defender on a Mac because someone in a position of power decided there must be some protection. Whether it's useful or not I can't say, but if your boss's boss's boss decides your company needs to send money to Microsoft, that's what you do.
