Archive for September 18, 2024

Wednesday, September 18, 2024

Feedback Feedback

Cesare Forelli:

I want to file a constructive Feedback to Apple about the developer experience with the Feedback process itself (very meta, I know), and I need yours!

5 quick & unbiased questions, please 🙏 answer them now.


macOS Firewall Regressions in Sequoia

Will Dormann:

[Running] nslookup clearly causes a DNS request and a response to go over the wire, but nslookup eventually gives up thinking that no servers could be reached.

[…]

So if I turn off the macOS firewall, this all works fine. 🤔

[…]

Problem #1: “Block incoming connections” including DNS responses is new as of macOS Sequoia. Prior to macOS 15 Sequoia, “Block incoming connections” meant “Don’t poke a hole in my firewall for this”. Starting with Sequoia, this also includes “Don’t allow responses to DNS requests”, which is clearly a bug in the macOS stateful firewall. Any response to a request that I initiate should be allowed in.

Problem #2: The macOS GUI for firewall rules being disconnected from the existing rules (e.g. cannot change some) is apparently an artifact of macOS switching underlying storage for the firewall rules at some point. And the GUI apparently is only hooked up to the old storage. If you’ve had a Mac for a while, you’ll probably get bitten by this.

Wacław Jacek:

It seems the OS firewall can sometimes start blocking access to web browsing after upgrading to macOS Sequoia. At least this was the case for me and some folks on Reddit.

Going to the firewall settings screen, there can be no way to toggle access for the browser.

Ivo Damjanović:

I have an issue with the firewall too. It does not accept incoming SSH connections. But they are allowed. I think this is a bug. I can tell you how to edit the entry list. You are able to edit some of them because the UI uses an old firewall rule storage. You cannot edit the rules that use the new storage. You may edit them with sudo /usr/libexec/ApplicationFirewall/socketfilterfw --listapps.

I’m also hearing that firewall and other security and networking settings were silently reverted by the Sequoia update.

See also: MacRumors, Reddit, ESET.


Update (2024-09-20): Arin Waichulis:

However, according to TechCrunch, it now appears to be disrupting security tools made by CrowdStrike, SentinelOne, and Microsoft. Social media users are also reporting connection failures with third-party VPNs.

[…]

Patrick Wardle, a long-time iOS and Mac security expert and founder of the Objective-See Foundation, expressed his frustration, noting that Apple’s lack of thorough testing is to blame.

“As a developer of macOS security tools, it’s incredibly frustrating to time and time again have to deal with (understandably) upset users (understandably) blaming your tools for breaking their Macs, when in reality it was Apple’s fault all along,” Wardle told 9to5Mac.

Commenters on that article are blaming developers for not testing during the macOS beta period, but Wardle shows that the issue had been reported to Apple prior to the RC.

Update (2024-09-25): Brandon Vigliarolo:

Something’s wrong with macOS Sequoia, and it’s breaking security software installed on some updated Apple systems.

[…]

Both Microsoft and ESET have posted bulletins about networking problems in macOS 15, and both report different fixes for their respective problems as well.

[…]

Speaking to The Register, Wardle told us he’d heard from some of the larger vendors he’s spoken to that Apple has acknowledged some unintended changes that it was working on fixing, but said he wasn’t sure if that meant the issue was at the firewall or lower-level networking components.

Via Sam Rowlands:

Some users of my software have reported that the auto update system can fail also, in the networking portion of the code.

Apple Drops Lawsuit Against NSO Group

Ryan Naraine (via Hacker News):

Apple has abruptly withdrawn its lawsuit against NSO Group, citing increased risk that the legal battle might unintentionally reveal sensitive vulnerability data and difficulties in acquiring essential information from the spyware vendor.

In a court filing Friday, Apple said continuing the lawsuit now poses “too significant a risk” of exposing the anti-exploitation and threat intelligence efforts needed to fend off the very adversaries involved in the legal dispute.

[…]

Apple also cited concerns that NSO Group and unidentified officials in Israel may have taken actions to avoid producing information during discovery. “This means that going forward with this case will potentially involve disclosure to third parties of the information Apple uses to defeat spyware while Defendants and others create significant obstacles to obtaining an effective remedy,” the company said.

Nick Heer:

It also downplays the effects of a successful suit — a win would, according to Apple, “no longer have the same impact as it would have had in 2021” because there are plenty of NSO Group competitors.

WhatsApp appears to be continuing its suit against NSO Group. On the same day Apple filed its request to dismiss its case, WhatsApp attorneys were scheduling depositions (PDF).


Update (2024-09-25): Tim Cushing:

In July, documents obtained by Distributed Denial of Secrets (DDoS) revealed the desperate measures NSO Group deployed to avoid having to turn over internal information during discovery in multiple lawsuits, including one filed by Apple. Knowing that discovery was inevitable, NSO met with Israeli government officials and asked them to secure a blocking order from the nation’s courts to prevent having to comply with discovery requests.

The government secured these orders and went to work shortly after WhatsApp served NSO with its discovery requests. According to the paperwork, the government needed to seize a bunch of the company’s internal documents for “national security” reasons, speculating disingenuously and wildly that turning over any information about NSO’s Pegasus phone-hacking malware would make the nation itself less secure.

Shortly thereafter, the Israeli government engaged in a performative raid of NSO’s offices to seize anything NSO felt might be disadvantageous in these lawsuits.

Canva Hikes Prices

Denham Sadler (via Hacker News, Slashdot):

Canva has announced a tripling of their prices for some of its users as the Australian tech company prepares for a public listing in the US.

In the US, some users have had their subscription increase from $119.99 per year to $300 per year for the first 12 months, then $500 per year thereafter – an increase of 316 per cent.

[…]

A spokesperson for Canva said the price rise was due in part to the introduction of a number of new features on the Canva platform, including many powered by AI and generative AI.

That’s the largest increase I can recall seeing.
