{"id":37544,"date":"2022-11-02T15:20:18","date_gmt":"2022-11-02T19:20:18","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=37544"},"modified":"2022-11-02T15:20:18","modified_gmt":"2022-11-02T19:20:18","slug":"ventura-bug-disables-security-software","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2022\/11\/02\/ventura-bug-disables-security-software\/","title":{"rendered":"Ventura Bug Disables Security Software"},"content":{"rendered":"<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/11\/macos-ventura-bug-disables-security-software\">Thomas Reed<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/11\/macos-ventura-bug-disables-security-software\"><p>In the case of security software using Apple&rsquo;s Endpoint Security framework, it is an Apple-enforced requirement that the software get a higher level of permission from TCC - namely, Full Disk Access.<\/p><p>[&#8230;]<\/p><p>Unfortunately, in Ventura, affected software will appear to have FDA within this settings pane, but in reality it does not. Worse, you cannot simply &ldquo;turn it off and back on again,&rdquo; as the switch for turning off FDA for the security software refuses to turn off. This leaves the software in an unfortunate state where it cannot function, and the user (seemingly) cannot give it the access it needs.<\/p><p>[&#8230;]<\/p><p>It all began with a bug in macOS that was presented by security researcher Csaba Fitzl[&#8230;]. The bug was almost ridiculously simple: Execute a simple, short command (<code>tccutil reset All<\/code>) in the Terminal and you could revoke Full Disk Access from all security clients installed on the machine, rendering their real-time protection features inactive.<\/p><p>[&#8230;]<\/p><p>In essence, Apple&rsquo;s &ldquo;fix&rdquo; for this vulnerability ended up <em>causing<\/em> the results of the vulnerability, for all security software on all Ventura systems. &#x1F926;&#x200D;&#x2642;&#xFE0F;<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Thomas Reed: In the case of security software using Apple&rsquo;s Endpoint Security framework, it is an Apple-enforced requirement that the software get a higher level of permission from TCC - namely, Full Disk Access.[&#8230;]Unfortunately, in Ventura, affected software will appear to have FDA within this settings pane, but in reality it does not. Worse, you [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2022-11-02T19:20:20Z","apple_news_api_id":"6bd36bfa-43df-4687-8f55-c11223c3f572","apple_news_api_modified_at":"2022-11-02T19:20:20Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/Aa9Nr-kPfRoePVcESI8P1cg","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[131,2018,30,2223,48,1181,1960],"class_list":["post-37544","post","type-post","status-publish","format-standard","hentry","category-technology","tag-bug","tag-endpoint-security","tag-mac","tag-macos-13-ventura","tag-security","tag-system-preferences","tag-transparency-consent-and-control-tcc"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/37544","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=37544"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/37544\/revisions"}],"predecessor-version":[{"id":37545,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/37544\/revisions\/37545"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=37544"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=37544"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=37544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}