Apple’s Latest macOS Sequoia Update Breaking Several Security Tools

Apple’s recent release of macOS 15, also known as Sequoia, has been causing significant disruptions to various security tools designed by prominent cybersecurity companies such as CrowdStrike, SentinelOne, Microsoft, and others.

The issue, which has been reported on social media and in Mac-focused Slack channels, has left many users and security professionals frustrated.

Patrick Wardle, founder of Mac and iOS security startup DoubleYou, expressed his frustration with the recurring problem of Apple’s updates breaking security tools.

“As a developer of macOS security tools, it’s incredibly frustrating to time and time again have to deal with (understandably) upset users (understandably) blaming your tools for breaking their Macs, when in reality it was Apple’s fault all along,” Wardle told TechCrunch.

Meet the CISOs, Join the Virtual Panel to Learn compliance – Join Free

The problem seems to stem from changes in the network stack of macOS Sequoia. CrowdStrike, for instance, had to delay support for the new OS version due to these issues.

“I’m very sorry to report that we will not be supporting Sequoia on day 1 in spite of our intention (and previous track record) to support the latest OS within hours of [General Availability],” a CrowdStrike sales engineer stated in a Slack message.

Similar issues have been reported with other security tools, including SentinelOne and ESET.

SentinelOne warned customers not to upgrade to macOS Sequoia until they have a supported SentinelOne Agent, citing a series of issues with the new OS version. ESET alerted customers to a network connection issue after upgrading to macOS Sequoia.

Security researchers have also identified specific problems with the macOS firewall. Will Dormann noted issues with DNS and running his firewall on his macOS machine, while Wacław Jacek reported that the OS firewall can sometimes start blocking access to web browsing after upgrading to macOS Sequoia.

The issues with macOS Sequoia extend beyond security tools, affecting Firefox browser users as well, according to a separate Reddit thread.

Apple has not commented on the issue, leaving many to speculate about the cause and potential fixes. In the meantime, affected companies are advising users to hold off on upgrading to macOS Sequoia until these issues are resolved.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial