Caution: macOS Ventura 13.0 May Break Your Security Tools
Apple released macOS Ventura on Oct 24, 2022, which came as no surprise, as we’ve come to expect a new major version of macOS every year. Addigy held several webinars leading up to the release, including one on the release date, to help users prepare. On Wednesday, Oct 26, 2022, Apple started preparing a new build of Ventura to fix a critical bug in the release that breaks Endpoint Security tools unless they are managed by a Mobile Device Management (MDM) provider.
Throughout the year, Apple attempted to fix several security issues in its Transparency, Consent, and Control (TCC) framework, also known as Privacy Preferences Policy Control (PPPC), that allowed users to bypass its security measures. However, Apple made a major change to the framework in the last couple of weeks of the beta, leaving no time to resolve the issue before Ventura went public to all users.
This impacts all major security vendors using the Endpoint Security Extension framework on macOS. The security software will lose Full Disk Access (FDA) if it was granted manually by the end user. When an application doesn’t have FDA from a PPPC perspective, it loses the ability to monitor the file system in relevant areas, making the solution blind to possible threats. However, if the device is managed by MDM and FDA is provided through MDM, then the security software will work without issue.
There is a manual workaround: users can remove FDA and re-add it themselves in System Settings > Privacy & Security. However, the user must be an administrator on the device to make these changes.
If you are using Addigy MDM to manage your security solutions, they should continue running fine.
If you are not using Addigy MDM, you can enable it or sign up now to identify which machines may be in this state and notify their users to fix the state of their security solution.