Apple’s macOS Sequoia update is disrupting security tools from CrowdStrike, SentinelOne, and Microsoft and causing VPN issues.
Apple’s latest operating system update, macOS Sequoia, was released on September 16. It introduced several new features but is reportedly disrupting security tools from CrowdStrike, SentinelOne, and Microsoft and causing issues with third-party VPN connections.
MacOS 15 total fail in networking. VPNs not working anymore or something they disconnect without any reason, VMs are not working anymore using Shared Networking (@UTMapp). Sometimes DHCP is simply refusing to provide IP
— Alex Kleber a.k.a Privacy 1st (@privacyis1st) September 19, 2024
Apple’s new firewall, a key feature of Sequoia, is suspected to be the root cause. The firewall is intended to enhance security on untrusted networks but has inadvertently blocked essential network functions. Experts have identified issues such as blocked DNS requests and misaligned firewall GUI settings, affecting network-based tools.
Protip for MacOS Sequoia upgraders. There's a bug in the Apple firewall that's causing network disconnects and SSL cert warnings in multiple applications. It's not you. #macOSSequoia
— Brent Wyrick (@LobotC2DFW) September 19, 2024
Security Tools Disrupted by macOS Sequoia
macOS Sequoia’s release has been marred by reports of compatibility issues with prominent security tools, particularly from vendors like CrowdStrike, SentinelOne, and Microsoft.
CrowdStrike was forced to delay support for Sequoia, with its engineers citing significant changes in the network stack as the cause.
Despite efforts to resolve these issues quickly, vendors are still waiting for Apple to release a patch or update that addresses the root of the problem.
Waclaw Jacek, a security expert, wrote in his blog:
“It seems the OS firewall can sometimes start blocking access to web browsing after upgrading to macOS Sequoia.”
He shared a possible fix for users who are struggling with Sequoia.
Firewall and DNS Issues
The Sequoia update changed Apple’s firewall, which may be disrupting network-based tools. Will Dormann, a vulnerability researcher, told 9to5Mac that DNS requests are blocked when the firewall is set to “Block incoming connections,” affecting both DNS and other network traffic. Dormann also identified a mismatch between what the firewall’s GUI shows and the actual firewall settings, which makes it harder for users to adjust them.
Additionally, users have reported connection issues with VPN services like Windscribe on Sequoia, while others using VPNs such as NordVPN have avoided similar disruptions.
MacOS Sequoia blocks all iCloud and Messages services if you use a VPN! It's terrible, and they have no plans to fix it since the issue has been present since the beta versions! 😡 #macOSSequoia #macos #apple
— Tatarin (@Tatarinwe) September 19, 2024
Responses from Affected Vendors
CrowdStrike, SentinelOne, and other vendors have proactively communicated with their customers, urging them to delay upgrades until a fix is in place. CrowdStrike sent out a “Tech Alert” and is tracking feedback and cases submitted to Apple while also preparing to release its own updates to mitigate these issues.
ESET and Microsoft Defender are also reportedly experiencing network connection problems after the update. ESET recently warned customers about connection loss issues.
In summary, while macOS Sequoia brings new security features, it has inadvertently caused significant disruptions for enterprise users relying on third-party security tools and VPNs. Apple has yet to address these concerns, leaving many vendors scrambling to provide support for their users.