The release Apple’s new macOS 13 Ventura operating system October 24th brought a bunch of new features to Mac users, but it also caused problems for those who rely on third-party security programs like malware scanners and tools. monitoring.
In the process of patching a flaw in the 11th Ventura developer beta, released on October 11, Apple inadvertently created a vulnerability that renders third-party security products inaccessible. access they need to scan. And while there is a workaround for permissions, people upgrading their Macs to Ventura may not realize that anything is wrong or have the information needed to fix the problem.
Apple told WIRED it will address the issue in the next macOS software update but declined to say when it will. Meanwhile, users may not know that their Mac security tools are not working as expected. The confusion has left third-party security vendors scrambling to understand the scope of the problem.
“Of course, all of this coincided with our release of a supposedly compatible beta,” said Thomas Reed, director of Mac and mobile platforms at antivirus maker Malwarebytes. with Ventura. “So we got a bug report from a customer that something was wrong, and we were like, ‘crap, we just released a flawed beta.” We even took a temporary break. But then we also started seeing reports of other products, after people upgraded to Ventura, so we said, ‘uh oh, this so bad. “
Security monitoring tools need system visibility, known as full disk access, to conduct scans and detect malicious activity. This access is very important and should only be granted to trusted programs, as it can be abused into the wrong hands. As a result, Apple requires users to go through multiple steps and authentication before they authorize an antivirus service or system monitoring tool. This makes it less likely that an attacker can somehow bypass these barriers or trick a user into unknowingly granting access to a malicious program.
However, longtime macOS security researcher Csaba Fitzl found that while these setup protections are robust, he was able to exploit a loophole in macOS user privacy protections called Transparency, Consent and Control to easily deactivate or revoke permissions once granted. In other words, an attacker could disable the very tool that users rely on to alert them to suspicious activity.
Apple tried to fix the bug several times throughout 2022, but each time, Fitzl said, he was able to find a workaround for the company’s patch. Finally, Apple has taken a bigger step in Ventura and made more comprehensive changes to how permissions are managed for security services. In doing that, however, the company made another mistake that caused its current problems.
“Apple fixed it, and then I ignored the fix, so they fixed it again and I ignored it again,” Fitzl said. “We went back and forth like that three times, and in the end they decided that they were going to redesign the whole concept, which I thought was the right thing to do. But it’s a bit unfortunate that it debuted in Ventura’s beta so close to its public release, just two weeks before. There is no time to be aware of this problem. It just happened.”