Apple's New macOS Sequoia Update Breaking Major Security Tools (techcrunch.com) 44
Apple's latest macOS 15 "Sequoia" update, released earlier this week, has disrupted security tools from major providers including CrowdStrike, SentinelOne, and Microsoft, according to reports. The extent and cause of the disruption remain unclear.
Non-public APIs keep you out of App Store (Score:5, Informative)
we want 30% and must be in app store to use this API!
Actually using non-public APIs (unsupported APIs) is what keeps you out of the App Store and forces you to distribute yourself, and be vulnerable if anything changes in these APIs.
Re: (Score:1)
Re: (Score:2)
Lazy ass companies*
I think programmers would love to be paid to do a load of maintenance gruntwork.
Re: (Score:2)
I think programmers would love to be paid to do a load of maintenance gruntwork.
Speak for yourself. Laziness is one of the three tenants of a good Perl programmer (Laziness, Impatience, and Hubris).
Details (Score:4, Interesting)
The media articles are light on information. Are these issues that weren't in the preview releases, but only originated at the official release? This is the only way I'd put it on Apple.
If the changes were in the preview releases, what were these companies doing with those releases?
Re:Details (Score:5, Insightful)
Same question. As a dev I have been running the beta since its release. Did no one check for compatibility? Seems like a system change that would affect these services would not be something new in the RC.
Re: (Score:2)
Given the recent events caused by Crowdstrike I'm not surprised that Apple no longer allows others into the inner workings of the operating system.
Re:Details (Score:5, Insightful)
Apple announced that change 5 years ago when it released Catalina. You couldn't get any of those tools automatically deployed in the last 2 versions of macOS without putting specific commands in an MDM, so they just sat and waited until now. Basically if you have problems with Sequoia, you are exposing that your products are not being actively developed anymore.
Re: (Score:2)
Given the recent events caused by Crowdstrike I'm not surprised that Apple no longer allows others into the inner workings of the operating system.
This has nothing to do with "recent events". "Recent events" do not cause massive breaking updates to be pushed out to OSes (that's known as a cure worse than a disease). Apple have been reworking the network stack for MacOS 15 for nearly a year now, not only that Apple confirmed that Crowdstrike's implementation in MacOS wasn't capable of causing the issue they saw on Windows - so that alone was irrelevant for them.
Re: (Score:3)
No, Apple closed off kernel mode development many releases ago. They still have DriverKit and such so you can write a driver for your device, but it's not run inside the kernel - only Apple code runs in kernel mode. For security software, there are hooks you can use to do things without kernel mode as well.
Surprisingly, macOS was not one of the OSes affected by C
Re: (Score:3, Informative)
People at CrowdStrike, lol, no. They still haven't released official support for Ubuntu 24 or RHEL 9.4, they want us to stick to 9.2 which will be legacy in a few months for integration with our other security products.
Mac and Linux are not "first class citizens" in any security product. At least both of those OS allow me to limit their interaction with my files.
Re: (Score:2)
As a dev I have been running the beta since its release. Did no one check for compatibility?
In their defense, Apple will make changes in different versions of the betas. So it could be that everything was fine until early September. Heck, I remember a change being made between the last beta and GA that hosed us...
Re: (Score:2)
Did no one check for compatibility?
If they can't be arsed to inspect a text file feeding a kernel module (re: Crowdstrike), what makes you think they would even think of checking for compatibility prior to release of a new kernel? Upper management is high on champagne and Xanax.
Re: (Score:2)
If you were in the preview, you got notifications that those apps wouldn't be working anymore. You actually got warnings ... in CATALINA 5 years ago, that the equivalent of a "kernel driver" in Windows (kernel extensions) would be deprecated.
Re: (Score:2)
This has nothing to do with your 5 year old warning. That kernel driver got depreciated long ago and isn't used (Apple even confirmed in July that Crowdstrike do not use any kind of kernel level access in MacOS and that the outage which occurred on Windows can't happen on Mac). Apple reworked the network stack and security APIs in MacOS and a few companies are slow to roll out updates.
Malwarebyts seems fine (Score:2)
The only thing that changed with it was it requested access to scan the local network. Which I denied. It still works fine.
preemptive crowdstrike (Score:4, Funny)
We'll break your software before you can break ours!
CrowdStrike was pretty clear about it (Score:3)
Re: CrowdStrike was pretty clear about it (Score:3)
So they said that Apple often make changes rather than they actually made a change?
If Apple are in the wrong, they should come out and say it publicly instead of hiding it behind a login. Why would they let people question their integrity by not stating this?
Re: CrowdStrike was pretty clear about it (Score:1)
Because you're not a customer? Besides, macos isn't an enterprise product. It's a consumer OS. Meant for consumers only, not businesses. Nothing necessarily wrong with that, but if you're a business using macos then you should already expect shit like this to happen.
Re: (Score:2)
Meant for consumers only, not businesses.
lol
Do Linux is for hobbyists only next, good grief.
Re: CrowdStrike was pretty clear about it (Score:2)
Linux is a kernel. If you want distros suitable for enterprise use, including ones that backport fixes to older versions for compatibility, many exist. In fact, have you heard of centos? It has one particular set of users in mind, as does its commercial counterpart, rhel. Care to guess who those users are?
Re: (Score:1)
Har Har Har Har, this is officially now the biggest nonsense, you ever said.
There are most certainly more business Mac's in the wild than consumer Mac's.
Re: (Score:2)
Because you're not a customer? Besides, macos isn't an enterprise product. It's a consumer OS. Meant for consumers only, not businesses. Nothing necessarily wrong with that, but if you're a business using macos then you should already expect shit like this to happen.
How do you figure macOS isn’t an enterprise product. Do you have anything to back up your argument, or is this just your insecurities speaking?
Re: (Score:2)
No, just experience working with them in an enterprise setting.
I've had at least four macos updates break displaylink. Though the fact that they require displaylink if you want more than two monitors should tell you enough -- you know your OS sucks when even open source OSes support DP MST and yours doesn't.
Out of nowhere they'll just change the middleware, even within minor OS updates. Take for example the move from openssh 8 to openssh 9, which broke RSA auth with older linux systems running still support
Re: CrowdStrike was pretty clear about it (Score:2)
Weird: Iâ(TM)ve been Mac only at work since 2010. We develop cross platform SDKs and itâ(TM)s a fabulous platform for that, especially if you have to support any Apple platform. Every day for 14 years, Iâ(TM)ve been grateful Iâ(TM)m no longer on Windows or have to deal with any of the BS and wasted time my Windows based colleagues have to.
Security tools? (Score:3)
Would these be the security tools that you can install all of on a machine and let them fight it out? The ones that report each other as malware? (Sometimes, the ones from Microsoft that report other ones from Microsoft as malware?) I think I'll wait for more details about whose fault this actually is.
Re: (Score:2)
Would these be the security tools that you can install all of on a machine and let them fight it out? The ones that report each other as malware? (Sometimes, the ones from Microsoft that report other ones from Microsoft as malware?) I think I'll wait for more details about whose fault this actually is.
I'm pretty sure that, unless it's a dire emergency, Apple gives long advance notice for API changes, especially "breaking" ones. That has been their practice for decades, and I don't see that changing much in recent years.
Re: (Score:2)
(Sometimes, the ones from Microsoft that report other ones from Microsoft as malware?)
Well, they aren't wrong, thou knowest!
Oh come on (Score:2)
So that's why the stock went up today (Score:3)
Up more than $8 a share today. Good things happen when you get rid of the barnacles.
Time to test better? (Score:2)
IMHO, macOS 15 was one of the better versions I've seen. iOS was a painless upgrade, pretty much almost an update, and macOS is similar. All my stuff continues to work, even oddball stuff like Arq Backup.
It isn't like this is doable. Even though standalone consumer Macs don't need AV/EDR/XDR/MDR, I still use Malwarebytes, if only as a signature scanner. Malwarebytes works and works well, with zero issues. I'm sure a decently engineered MDR, even though it is a heavyweight [1] can work just as well. It
Doesn't sound like an Apple problem.... (Score:2)
Re: Doesn't sound like an Apple problem.... (Score:2)