Connect with us

Tech

Security Bite: macOS Sequoia’s firewall is disrupting security tools, and more – 9to5Mac

Published

on

Security Bite: macOS Sequoia’s firewall is disrupting security tools, and more – 9to5Mac

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.


On Monday, Apple released its latest iteration of Mac’s operating system, macOS Sequoia. The new update introduced tighter control over app permissions and an overhaul to Gatekeeper, among other features. However, according to TechCrunch, it now appears to be disrupting security tools made by CrowdStrike, SentinelOne, and Microsoft. Social media users are also reporting connection failures with third-party VPNs.

Details are sparse at the moment, but a possible source of the issues is Sequoia’s current firewall. This is useful for managing connections on untrusted networks. If you’re an everyday user and not a security nut or part of an enterprise team, your firewall is likely already off. This is the default on Mac, as most users are on trusted networks anyway (Apple’s way of balancing usability and security).

Many experts have noticed that turning off the firewall fixes the disruptions to any network-based tools. However, if the firewall is already enabled to begin with, you probably wouldn’t want to do this.

Patrick Wardle, a long-time iOS and Mac security expert and founder of the Objective-See Foundation, expressed his frustration, noting that Apple’s lack of thorough testing is to blame.

“As a developer of macOS security tools, its incredibly frustrating to time and time again have to deal with (understandably) upset users (understandably) blaming your tools for breaking their Macs, when in reality it was Apple’s fault all along,” Wardle told 9to5Mac.

“Déjà vu?! Did Apple *again* release a new OS that *again* breaks 3rd-party security tools?” he added in a posted on his LinkedIn in reference to a bug two years ago in MacOS Ventura that caused similar problems. “Root cause appears to either be macOS firewall itself, or the lower-level networking extension subsystem that is “corrupting packets” or other “unintentional changes” to network structures.”

Other security-focused communities are sharing similar concerns. Vulnerability researcher Will Dormann shared in a blog post that DNS requests over a network are blocked by macOS Sequoia when the firewall is set to “Block incoming connections,” which unexpectedly includes DNS responses. This issue did not exist in previous macOS versions, and it seems to be a bug in the current firewall. “Any response to a request that I initiate should be allowed in.”

Dormann also noted that another problem is that Sequoia’s firewall GUI is not synced correctly with the actual firewall rules, making it difficult for users to adjust or modify settings, especially for those using older Macs.

This would undoubtedly cause issues connecting to third-party VPNs. I’m currently having issues connecting with Windscribe on macOS Sequoia. Other members of 9to5Mac have no problems with Nord VPN. What about you?

If you’re a user of Crowdstrike, it appears Apple has already confirmed the networking issues happening. Hopefully a fix is in the works 🤞 and coming soon.

FTC: We use income earning auto affiliate links. More.

Continue Reading