Delay Upgrading to macOS Sequoia, Security Experts Recommend

Not Yet Compatible: Many Third-Party Endpoint Security, Authentication, VPN Tools

Multiple makers of third-party Apple security tools, including CrowdStrike and SentinelOne, are warning users not to upgrade to the new macOS 15 Sequoia, pending needed OS bug fixes.

Apple's brand-new OS, released Monday, appears to have a number of problems that have security and usability ramifications, including networking bugs, virtual private networking software crashing and DHCP sometimes failing to return IP addresses.

Some organizations advise their users to stick with macOS 14 Sonoma indefinitely, for a variety of reasons. They include the University of Colorado-Boulder, which said systems running macOS 15 cannot currently access campus Wi-Fi.

"As is often the case with new operating systems, there are expected incompatibilities with a number of widely used applications at CU Boulder and beyond," the university told users. It recommends pausing any move to macOS 15 Sequoia "until most incompatibilities are addressed."

Multiple users have also reported that iCloud connectivity issues are preventing them from using some built-in applications, including Apple Messages, Music and FaceTime. The built-in firewall sometimes blocks connections, including for Zoom and the Firefox browser.

"It seems the OS firewall can sometimes start blocking access to web browsing after upgrading to macOS Sequoia," said developer Wacław Jacek, who works for WordPress maker Automattic.

"SSH sessions will drop after a few minutes, VPN service are slow and/or unreliable," one user who works for a large technology firm reported on the r/MacOS subreddit.

"You will get an error message in some apps and others will just hang, but none of the errors are very intuitive," they said, adding that their company "opened an issue and notified Apple directly during the beta program," but the problem persisted in the 15.0 release and 15.1 beta.

Mac developer Norbert Doerner called the current state of macOS 15 networking "a complete disaster," saying "connections drop all the time, speed is often glacial, connections fail all the time."

Doerner, developer of the long-running Mac digital asset management tool NeoFinder, said that "if you use your Mac for work, better stay away from macOS 15 as long as you can."

Multiple developers said they saw problems while testing beta versions of Sequoia. "Worth stressing this was reported to Apple before the GA was released (by multiple people, to multiple teams/orgs within Apple) so Apple 100% knew about this, and shipped macOS 15 anyways," said veteran Mac security researcher Patrick Wardle, founder of the Objective-See Foundation devoted to creating free, open-source security tools for macOS.

Apple didn't immediately respond to a request for comment.

Many EDR Tools Not Yet Compatible

Numerous third-party endpoint security tools are not yet compatible with the new OS. That includes CrowdStrike's Falcon sensor for Mac.

"Due to changes to internal networking structures on macOS 15 Sequoia, customers should not upgrade until a Mac sensor is released that fully supports macOS 15 Sequoia," the company reportedly told users. Customers can log into its support portal to be alerted when this happens.

One CrowdStrike Falcon user who updated to macOS 15 anyway reported seeing "partial website loads and sometimes just blank screens with the new MacOS," until they disabled the Falcon network filter.

CrowdStrike's customer alert says Apple told it that in macOS 15.0 and the macOS 15.1 beta there are still several known problems, including that "network connections created by command line tools are attributed by the content filter API to Terminal instead of the command line tool," which is the cause of the compatibility problem.

Another problem Apple reports: single sign-on logins failing for users of the Okta FastPass passwordless authentication service.

Other EDR vendors have also urged customers to delay moving to Sequoia. SentinelOne, reported TechCrunch, has advised customers: "Do not upgrade your endpoints until you have a supported SentinelOne Agent," due to ongoing compatibility problems.

Some users have reported having problems after updating to Sequoia and attempting to run Microsoft Defender for macOS. Microsoft's official release notes, updated Thursday, say it's currently only supporting macOS 12 Monterey, 13 Ventura and 14 Sonoma. The company didn't immediately respond to a request for comment about when it expected to ship a Sequoia-compatible version.

Eset has warned users to update to at least Eset Endpoint Security version 8.1.6.0 or Eset Cyber Security version 7.5.74.0, which are compatible with Sequoia. Not doing so might lead to "a network connection loss," it said.

Further Problems

Mac security experts said they've unearthed numerous problems that Apple will need to rectify. "I'm also hearing that firewall and other security and networking settings were silently reverted by the Sequoia update," said developer Michael Tsai.

Similar problems came to light after the release of Apple's macOS 13 Ventura operating system. As Wired reported at the time, multiple third-party Mac security tools didn't function, although that wouldn't necessarily have been obvious to end users.

Vulnerability researcher Will Dormann, who has detailed problems with how Sequoia handles DNS, said Apple did itself no favors by not making beta versions of the new OS easier to test, especially using a virtual machine. "I wonder why more people didn't beta test macOS Sequoia? Oh, trust me … I tried!" he said. "But to run Sequoia in a VM, you need to have updated files to support Sequoia. Which you won't have unless your host is running Sequoia. Or possibly once Apple releases the updates along with Sequoia itself."

Dormann said that "if I can't run it in a VM, I'm not going to run it. And I have to assume that I'm not the only one who feels this way."


About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



