Apple Fixes Bugs in macOS Sequoia That Broke Some Cybersecurity Tools 15
Apple has rolled out an update to macOS 15 Sequoia that addresses compatibility issues with third-party security software that emerged in the initial release. The update, macOS 15.0.1, aims to resolve problems affecting products from CrowdStrike and Microsoft. The compatibility problems had disrupted the functionality of several cybersecurity tools when macOS 15 first launched in September.
Breaking those might be a 'feature'... (Score:2)
My experience with security stuff on the Mac is they increased system instability for no particular increase in security.
But still no vendor, including Apple, should release bugs. (And yeah, I know many of you think that's 'unrealistic'. That's OK, i'll just try to avoid your software....)
so much effort for security (Score:3)
So much effort goes into 'security' and yet we just await the next zero day. Year after year, nothing much changes but the bug of the day.
Is it just me or do we need some kind of overhaul in the way we build software?
Re: (Score:3)
Part of the issue, IMHO, is that there is little to no liability for writing insecure code. I've had conversations with several 'lead' developers, and even someone who is now a board member at a Fortune 10 company, that cybersecurity is pretty much a waste of time and effort and should not be worked on. I remember one time, on a project where the general public could literally be killed (it had happened to a competitor just months prior), I noticed that none of the project goals mentioned a word about secur
Re: (Score:2)
Year after year, nothing much changes but the bug of the day.
That is just completely false. The world of security has evolved dramatically over the years. We've gone from wormable exploits that would infect a Windows machine before it even has a chance to contact Windows Update, to a world where actual zero day exploits are hard enough that even some of the most sophisticated attacks don't even bother attacking the system, instead targeting the user (phishing, quishing, or even AI conference calls pretending to be a CEO).
Is it just me or do we need some kind of overhaul in the way we build software?
No, because building a superior human race did
Re: (Score:3)
Yeah, okay.
https://nvd.nist.gov/general/v... [nist.gov]
Re: (Score:2)
Yeah, okay.
https://nvd.nist.gov/general/v... [nist.gov]
Well, awwshit. What gp said sounded pretty reasonable, but those stats are ugly.
Re: (Score:2)
We use more software than ever. Using more software creates a larger attack surface. We are finding more kinds/types/locations of bugs. We keep building software the same way.
I don't have all of the answers but its time we have a conversation about building software in a way that is inherently more secure.
Re: (Score:2)
To me, citing the Windows codebase is canonical for "WE HAVE TO TO BETTER." Unfortunately, the dominance of Windows and its shitware taught a whole generation of people that 'software is inherently buggy and unreliable, and must always have security flaws." Mac OS X and particularly iOS, and Android, demonstrate that a similar codebase can have much higher security (measured in particular by -exploited vulnerabilities-.)
Re: (Score:2)
Here's the issue. The people writing the software have to write perfect code with zero security flaws. The people finding security flaws only have to find one. This highly asymmetric aspect is what makes security flaws inevitable - you constantly need to fix bugs, but an attacker only needs one bug to exploit.
As for changing how software is created - you can create secure software, but the consequences of such will mean costs skyrocket.
NASA had around 200,000 lines of code for the Space Shuttle. But they sp
Re: (Score:2)
Is it just me or do we need some kind of overhaul in the way we build software?
Release the woodpeckers!
Third party security tools (Score:2)
Do they mean Sequoia blocks their useless product?
Useless 3rd party tools (Score:2)
If these tools cannot handle a pre-announced OS upgrade that gave time for these companies to test their tools, how could anyone believe these supposed tools can handle zero day exploits in a timely manner?
Re: (Score:2)
This is sometimes Apple's fault - they release the beta but make final changes between the beta and the general that nobody can test.
What's the BFD? (Score:2)
> products from CrowdStrike and Microsoft
Sounds to me like nothing of any value was lost.