Updated on 2022-10-30: A bug in macOS Ventura breaks third-party security tools
For all the good Apple does with security, it massively lets itself down on the basics. Close to the end of macOS Ventura’s development, Apple “accidentally introduced a flaw that cuts off third-party security products from the access they need to do their scans,” reports @lilyhnewman. The problem is that while there’s a workaround, many who upgrade their Macs to Ventura “may not realize that anything is amiss or have the information needed to fix the problem.” Yeah, that’s not good! Apple said it’ll fix the bug but won’t say when (read: Apple really doesn’t want anyone to notice). Security monitoring tools like antivirus engines need “full disk access,” and ensuring that the feature is working properly is easy, but critically, “once you know to do it.” It’s a shame when the only people who will get hurt by this are Mac users.
This is just such a 🤦‍♂️ situation. Luckily there’s a workaround! But users have to, you know, hear about it and do it and stuff https://t.co/gsXi5XapNP
— Lily Hay Newman (@lilyhnewman) October 26, 2022
New from @lilyhnewman: "A Bug in Apple MacOS Ventura Breaks Third-Party Security Tools" (featuring #OBTS speakers @thomasareed & @theevilbit) 🤦🏻‍♂️🍎🐛
…but some good news: "Apple told WIRED that it will resolve the issue in the next macOS update" https://t.co/IoSyhzmI7Z
— Patrick Wardle (@patrickwardle) October 27, 2022
Overview: Apple Plans Fix for macOS Ventura Bug that Disrupts Third-Party Security Tools
Apple says it will fix an issue in macOS Ventura that renders third-party security tools unable to access resources necessary to operate. The issue affects the macOS Ventura beta version that was released on October 11. There is a workaround available. Apple says that the problem will be resolved in the next macOS software update.
- Essentially, the full disk access privilege gets revoked for security tools. The fix was intended to prevent attackers from gaining the access they needed to operate. If affected, you need to unlock the preferences, revoke the privilege explicitly, lock the preferences, then repeat, this time granting the privilege. This doesn’t impact enterprise systems pushing Ventura updates via their MDM.