Skip to main content

Apple @ Work: Initial macOS Sequoia release broke networking for security and VPN tools – who’s responsible?

Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

The initial macOS 15 Sequoia released caused significant disruptions for users relying on cybersecurity tools like Endpoint Detection and Response solutions and VPN apps. Following the upgrade, multiple reports emerged about broken functionalities, explicitly blaming macOS systems’ security and network reliability. Check out 9to5Mac’s Security Bite for more information on what broke, but today, I want to look at who’s to blame.

About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.


The root of the EDR issue seems to be tied to internal changes in the networking stack of macOS Sequoia. According to technical reports I’ve seen, a change occurred in the way the operating system handles firewall settings. A previously supported method for managing firewall configurations—through the com.apple.alf.plist—has been deprecated. Developers must now use the socketfilterfw command-line tool to modify firewall settings. This change in the firewall architecture is believed to be behind the widespread reporting of connectivity and network stability issues.

Additionally, security researchers have pointed to failures in UDP traffic management, which have caused DNS-related issues. These failures further complicate the ability of macOS users to reliably stay connected to the Internet, particularly when using security tools and network filtering features on their Macs—which are often required in the enterprise for compliance reasons.

Several security vendors have already responded to the situation, advising users to postpone upgrading to macOS Sequoia until compatibility issues are addressed.

9to5Mac’s take

I’ve been monitoring this problem since macOS 15 was released, but I wanted to take a few weeks before talking about it. Similar to the issues with CrowdStrike and Windows from July, this might not be 100% Apple’s fault, but it is their problem. Apple is at the point in the enterprise where issues with enterprise security tools are a red alert. Apple relies on business customers to continue growing its macOS sales, and it must place nicely with enterprise security tools.

The real issue is how Apple manages its relationships with enterprise security vendors. Apple must view these vendors not as third parties but as key partners whose tools are critical to the security of its enterprise customers. A seamless integration between macOS and security solutions like EDR tools, VPNs, and antivirus software ensures business customers can continue operating securely and stay compliant.

Apple must work with these vendors throughout the entire macOS development lifecycle, including the beta periods. Major software updates, including changes to critical infrastructure like the network stack, can have unforeseen consequences on how third-party security tools function. By collaborating more closely with vendors like CrowdStrike, Microsoft, SentinelOne, and others during the beta testing phase, Apple can help identify and address these issues before the OS is generally available.

Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications