The recent release of macOS 15, codenamed Sequoia, on September 16, 2024, has sparked a wave of concern among cybersecurity professionals and end-users alike. Reports of significant network connectivity issues affecting various Endpoint Detection and Response (EDR) solutions, Virtual Private Networks (VPNs), and browsers have emerged, highlighting potential vulnerabilities in Apple’s latest operating system update.
Impact on Major Security Solutions
Users have reported problems with several prominent security products, including CrowdStrike Falcon, ESET Endpoint Security, and Microsoft’s security offerings. These issues range from complete loss of functionality to intermittent network disruptions, severely impacting the security posture of affected systems.
CrowdStrike, a leader in cloud-delivered endpoint protection, has taken the unusual step of advising clients to delay upgrading to macOS 15 Sequoia. In a private bulletin, the company cited “changes to internal network structures” as the primary cause for concern, emphasizing the need for a fully compatible Mac sensor before proceeding with the update.
VPN and Browser Complications
The problems extend beyond EDR solutions, affecting VPN services crucial for remote work environments. Users have experienced difficulties connecting to both consumer-grade VPNs like Mullvad and corporate VPN products. Additionally, SSL failures in browsers and issues with command-line tools such as wget and curl have been reported, further complicating web-based workflows.
Firewall Changes at the Root of the Problem
Apple’s release notes for macOS 15 Sequoia indicate that changes to the operating system’s firewall functionality may be at the heart of these issues. Specifically, the deprecation of certain Application Firewall settings stored in property lists has forced developers to adapt their products to use the socketfilterfw command-line tool instead.
This change has far-reaching implications, affecting not only security software but also web browsers like Google Chrome, which must now alter their method of detecting Mac firewall settings.
Temporary Solutions and Vendor Responses
As the cybersecurity community grapples with these challenges, vendors are scrambling to provide interim solutions:
- ESET has advised users to temporarily remove ESET Network from the System Settings > Network > Filters list, followed by a system reboot.
- Microsoft attributes some issues to macOS’s Stealth Mode and recommends disabling it in firewall settings.
- Independent security researcher Wacław Jacek has proposed a workaround that requires manual intervention for each affected application.
Industry Reaction and Apple’s Silence
The cybersecurity community has expressed frustration with Apple’s handling of the situation. Patrick Wardle, a renowned macOS security expert, criticized Apple for releasing the update despite prior knowledge of these issues. He emphasized that companies priding themselves on creating secure systems should not release software that compromises security tools.
As of now, Apple has not provided any official comment on the situation, leaving users and security professionals in a state of uncertainty. This lack of communication raises questions about the company’s commitment to maintaining a secure ecosystem for its users, especially in an era where cybersecurity threats are constantly evolving.
The macOS 15 Sequoia debacle serves as a stark reminder of the delicate balance between innovation and security in operating system development. As the situation unfolds, it is crucial for users to stay informed, exercise caution when updating critical systems, and maintain open lines of communication with their security vendors. The cybersecurity community will be watching closely to see how Apple addresses these concerns and works to restore confidence in its platform’s security infrastructure.
