Security pros on Oct. 8 strongly advised teams to take advantage of an Oct. 3 update released by Apple that promises to fix compatibility issue with third-party security software to an update of its macOS 15 Sequoia.
The patch — macOS 15.0.1 — was most welcome because the original macOS 15 Sequoia release had been breaking the functionality of security products from CrowdStrike, SentinelOne, and Microsoft for the past two weeks.
Mac users were largely in the dark about these issues until Apple finally released the patch late last week.
The incompatibility issues manifested in various ways, including software crashes, conflicts with system processes, and reduced functionality. The issues were caused by discrepancies in the software's interactions with the underlying operating system or changes in the macOS environment.
“These compatibility problems posed a significant security risk as they could potentially compromise the effectiveness of security measures and leave systems vulnerable to exploitation,” said Sarah Jones, cyber threat intelligence research analyst at Critical Start. “To address these concerns, Apple promptly released an update to macOS Sequoia that resolved the compatibility issues and ensured seamless integration with third-party security software.”
Jones said security teams should take advantage of this update to ensure that their managed devices are protected by the latest security measures. By verifying vendor support and updating their security software, Jones said teams can maintain a high level of security and mitigate potential risks. Security teams should also monitor for future updates to help them stay informed about any additional improvements or changes that may affect their security posture, Jones continued.
Release and iterate, ‘twas ever thus
The issues with the macOS update brought to light how the major OS vendors often roll out incomplete products, looking to make upgrades as the OS iterates. Such practices have been common in the industry for decades from Apple and Microsoft. In this case, Apple finally responded once users raised the issue and it was widely reported in the trade press.
John Bambenek, president at Bambenek Consulting, said operating system companies have large partner organizations so that major software products, including security products, can test their software against soon-to-be-released operating system versions to ensure compatibility.
“For whatever reason, that did not happen here,” said Bambenek. “This is a reminder that despite the advice to patch immediately, organizations need to make sure their security tools and custom applications will work on new versions of software before it rolls out to production. Organizations should test releases by Apple to make sure their security tools work and then get it deployed out to their production environment if there is no issues.”
Mayuresh Dani, manager of security research at the Qualys Threat Research Unit, added that based on how these events unfolded, it appears that the first security update was rushed and a new version primarily fixes the issues. Although not many technical details are publicly available, Dani said the modifications done to the networking stack seem not to be in line with security vendors and, hence, this situation and the need for this most recent patch.
Dani recommended two steps security teams should take:
- Install macOS Sequoia 15.0.1 on a mix of test systems with security software installed to verify their proper operation and have users test it out.
- Post certification, update to macOS Sequoia 15.0.1 at the earliest.
