Apple’s macOS 13 Ventura was released on October 24, and the new operating system has many new features that Mac users will love. But it can also cause problems for people who depend on third-party security software such as monitoring tools and malware scanners.
Apple introduced a bug in its 11th Ventura developer beta that cut third-party security products off from the access they need for their scans. Although there are ways to grant the permission again, users who have upgraded their Macs to Ventura might not know that the issue exists or have the information needed to correct it.
WIRED reported that Apple said it would fix the issue in the next macOS software upgrade, but the company declined to specify the date. Customers may be surprised to learn that their Mac security tools don’t work as they should, and third-party security vendors are scrambling to determine the extent of the problem.
“Of course, all of this coincided with us releasing a beta that was supposed to be compatible with Ventura,” says Thomas Reed, director of Mac and mobile platforms at the antivirus maker Malwarebytes. “So we were getting bug reports from customers that something was wrong, and we were like, ‘crap, we just released a flawed beta.’ We even pulled our beta out of circulation temporarily. But then we started seeing reports about other products, too, after people upgraded to Ventura, so we were like, ‘uh oh, this is bad.’”
To scan the system and identify malicious activity, security monitoring tools require full disk access. Because this access can be misused, it should only be given to trusted programs. Apple requires users to authenticate and go through several steps before they can grant it to any antivirus service or system monitoring tool. This makes it less likely that an attacker will be able to bypass these steps or trick users into unknowingly granting access to a malicious program.
Csaba Fitzl, a long-time macOS security researcher, found that, while these setup protections were strong, there was a flaw in Transparency, Consent, and Control (TCC) that allowed an attacker to quickly deactivate and revoke permissions once they had been granted. That means an attacker could disable the tools that users depend on to alert them to suspicious activity.
Apple attempted multiple times throughout 2022 to correct the flaw, Fitzl said, but each time Fitzl found a way around the fix. In Ventura, Apple made more substantial changes to the way it handles security permissions. The company did make a mistake, though, and that mistake is now the source of the problems.
“Apple fixed it, and then I bypassed the fix, so they fixed it again, and I bypassed it again,” Fitzl says. “We went back and forth like three times, and eventually they decided that they will redesign the whole concept, which I think was the right thing to do. However, it was somewhat unfortunate that it appeared in the Ventura beta just two weeks ahead of the public release. The issue was quickly discovered. It just happened.”