Security pros were still in the dark Sept. 20 about the root cause of why the latest macOS 15 Sequoia update from Apple was breaking the functionality of widely deployed security tools from Crowdstrike, SentinelOne, and Microsoft.
TechCrunch reported on Sept. 19 that on the day the new macOS update was released on Monday, a CrowdStrike sales engineer said in a Slack room for Mac admins that the company had to delay support for the new version of Mac’s operating system. Mac admins also reported on Reddit having issues running CrowdStrike on the updated macOS.
These issues brought to light how the major OS vendors often roll out incomplete products, looking to make upgrades as the OS iterates. Such practices have been common in the industry for decades from Apple and Microsoft, but it still led to people quoted in the press calling for Apple to spend less time on marketing — and more time developing better software.
An effort today by SC Media to reach Apple for comment was unsuccessful, which means that the industry still doesn’t know the cause of all these reported issues, or if Apple intends to issue a patch in the upcoming days or weeks.
“This situation poses significant risks for organizations relying on the affected security tools,” said Stephen Kowski, Field CTO at SlashNext Email Security. “Without proper endpoint protection, systems become more vulnerable to various cyber threats. It's crucial for IT teams to carefully weigh the benefits of updating against the potential security gaps.”
Kowski said security teams should immediately assess their existing setup and evaluate the impact of this macOS update on their protection measures. They should also consider implementing alternative security products that offer real-time threat intelligence and cross-platform protection, adding that it’s also wise to establish a robust patch management strategy to balance security needs with operational requirements.
“These types of compatibility issues with major OS updates are relatively common across various platforms,” said Kowski. “It highlights the ongoing challenge of balancing rapid innovation with maintaining seamless integration across diverse software ecosystems. Regular communication between OS developers and security vendors is crucial to minimize such incidents.”
Mayuresh Dani, manager of security research at the Qualys Threat Research Unit, added that from the looks of it, the networking stack — or the macOS Sequoia firewall to be specific — has undergone changes because the security tools that use it to provide security are not able to do so.
“Not just security tools,” said Dani. “VPNs are also having a difficult time getting a DNS resolution.”
Dani offered three tips for security teams responsible for managing Macs:
- Avoid updating to macOS Sequoia unless their security vendor has officially certified it for use.
- Turn off auto-updates to major OS releases before internal certification.
- Internally certify new operating system releases by installing dev and beta builds of operating systems with certified software before organizationwide deployments.
