Apple MacOS Ventura bug breaks third-party security tools | Techno Glob

Apple tried to fix the bug several times in 2022, but each time, Fitzl says, he was able to find a workaround for the company’s patch. Finally, Apple took a big step forward in Ventura and made more sweeping changes to how it manages permissions for security services. In doing so, the company made a different mistake that is now causing its current problems.

“Apple fixed it, and then I bypassed the fix, so they fixed it again, and I bypassed it again,” says Fitzl. “We went back and forth three times, and in the end they decided they would redesign the whole concept, which I think is the right thing to do. But it was a little unfortunate that it was so close to public release in Ventura beta, just two weeks ago. There was no time to realize the problem. It just happened.”

If you’re using a security scanner on your Mac and you’re updating to macOS Ventura, check directly to see if the program is flagging an error. The solution to the problem is simple once you know how to do it. Go to Security & Privacy in System Preferences, then the Privacy tab, and then Full Disk Access. Click the lock icon in the lower-left corner of the screen and authenticate with your system password to allow changes. Then, uncheck the box next to any malfunctioning security services to let the system know that you want to disable their permission. Click the lock in the lower-left corner again to save the changes, then repeat the process and re-check the corresponding box to re-enable the permission without error.

“Once you upgrade to Ventura, you can run a Malwarebytes scan, but it won’t scan everything if it has full disk access and all real-time protection features are completely disabled,” says Malwarebytes’ Reed. “If we don’t have full disk access we are handicapped. And there are many ways you can tell if Malwarebytes isn’t working properly, but if you’re not looking in the right places or if you’ve disabled some settings, you might not notice. With other security clients, it’s probably the same — if you’re not interacting with it, you probably don’t know.”

The researchers noticed — and Apple confirmed to WIRED — that when large organizations use Apple’s “mobile device management” program, they upgrade their fleet of devices to Ventura. This is significant, because if the bug is carried over to managed enterprise devices, it will mean another reason for companies to hold off on important software updates.

macOS security researcher Patrick Wardle, founder of the Objective-C Foundation, says he still recommends that regular users upgrade their Macs to Ventura to get the new operating system’s other security and privacy protections. Meanwhile, Wardle says he’s been plagued by bug reports about his free, open-source malware monitoring tool, BlockBlock. The Ventura bug appears to allow security services like BlockBlock and Malwarebytes more system access than the programs request, including accessibility permissions, access to input monitoring, and even screen recording.

“Users were asking me understandably, ‘Why does your tool need this?!’ And I’m like, ‘Oh, I have no idea. It doesn’t happen!’” says Wardle. “This shows that while Apple is pushing security fixes for reported bugs, it is struggling to do so comprehensively and successfully without breaking other things. And in this case, they’re shipping a version of their operating system that’s breaking millions, if not millions, of security tools for millions of users. It is frustrating and depressing.”

Independent researcher Fitzl, who presented his root-disabling permission vulnerability findings at Black Hat Asia and Wardle’s Objective-C Mac and iOS security conference in May, says he sympathizes with the mistake.

“Apple was trying to redesign this thing to fix all my bypasses, and they made a mistake — it happens,” he says. But, he adds ruefully, the whole situation has played out in an unfortunate way. “I felt a little weird about all these issues and pushed Apple into this because I was trying to fix something else.”
