Apple's new macOS Sequoia update is breaking some cybersecurity tools
(techcrunch.com)
41 points by zspitzer 9 hours ago | 18 comments
sephamorr 5 hours ago
Per Patrick Wardle, this was well reported to Apple during beta.
move-on-by 5 hours ago
Thank you, this makes the frustration in the above quote more understandable. For anyone wanting to avoid the x click:
> Worth stressing this was reported to Apple before the GA was released (by multiple people, to multiple teams/orgs within Apple) so Apple 100% knew about this, and shipped macOS 15 anyways
Spivak 8 hours ago
This is the part I'm missing too. Major versions are the time to ship breaking changes. Did none of these companies bother to test their software that mucks deep in the plumbing of the OS?
1over137 8 hours ago
It is very typical to file bugs against even the first beta and not see them fixed before GM, or even ever.
eviks 2 hours ago
They did, reported it, nothing changed.
It's an OS bug; you can't make it look good by invoking some generic "time to break" principle.
RockRobotRock 7 hours ago
Is there even an equivalent to WSUS on macOS that lets admins block an update until it's tested?
wpm 4 hours ago
There is a configuration profile payload that can stop updates like major version changes for up to 90 days. You cannot stop them indefinitely from appearing in Software Update.
salmo 7 hours ago
Yeah. There’s Jamf and similar tools. Companies often block major updates until their 100 agents all officially support it. Oh, and do cool things like not letting you change your background or whatever random settings some admin decides are good.
ripa 4 hours ago
Yep, a lot of these policies seem to come from some random person scrolling through a list of supported options and arbitrarily making up values that are enforced on people.
One of our policies enforces that screen savers must start after 20 minutes, and it’s not possible to reduce it (I have my personal on 3 minutes). Or the fact that it will constantly reset the UI notification volume to 100% and speaker output, even though I have headphones almost always.
Infuriating.
colechristensen 4 hours ago
Yes, it's called MDM (Mobile Device Management) and lets admins set all kinds of policy on Apple devices. There are several vendors out there that implement it.
Someone 40 minutes ago
> At this point, it’s unclear exactly what is the issue
So, is this a bug in Sequoia or a change that affects these low-level tools? If the latter, they may not like it, but that’s par for the game on macOS.
(Tried reading https://x.com/patrickwardle/status/1836862900654461270, referenced by sephamorr, but that link isn’t working for me)
yawnbox 8 hours ago
all my wireguard tunnels could not connect upon upgrade. disabling the macos firewall allowed me to use my tunnels again, fyi.
evulhotdog 3 hours ago
I read somewhere about old ESET rules in the macOS firewall blocking various UDP traffic. Quick Google might get you more information.
bomewish 4 hours ago
Tailscale affected?
vigormortis 2 hours ago
It is for me. I've had to disable it on my mbp and ios devices; otherwise DNS lookups choke.
guidedlight an hour ago
These cybersecurity tools are like posting a contracted armed security guard to an airport departure lounge.
musicale 3 hours ago
> And, somehow, the software update has broken the functionality of several security tools made by CrowdStrike, ...
What terrible news – whatever shall we do?
move-on-by 8 hours ago
> “As a developer of macOS security tools, it’s incredibly frustrating to time and time again have to deal with (understandably) upset users (understandably) blaming your tools for breaking their Macs, when in reality it was Apple’s fault all along,”
I would like to understand this better. Were there not any beta releases that these companies could have tested with in advance? Or were changes made between the beta and the release that broke things? Or something else?