Apple has shared a new support document that indicates kernel extensions — which it calls "legacy system extensions" — will not be compatible with a future version of macOS because they "aren't as secure or reliable as modern alternatives."
System extensions are a category of software that works in the background to extend the functionality of your Mac. Some apps install kernel extensions, which are a kind of system extension that works using older methods that aren't as secure or reliable as modern alternatives. Your Mac identifies these as legacy system extensions.
Starting in macOS 10.15.4, released this week, a warning will now appear when a kernel extension first loads, and again periodically while the extension remains in use. Users began noticing the warning during beta testing.
Apple says it began informing developers that macOS Catalina will be the last macOS to fully support kernel extensions in 2019, adding that it has been working with developers to transition their software. A final transition date has not yet been set, but some developers are assuming that kernel extensions will be deprecated in macOS 10.16.
Apps with kernel extensions will continue to work in macOS Catalina.
"By moving beyond these extensions, developers are helping to further modernize the Mac, improve its security and reliability, and enable more user-friendly software distribution methods," the support document reads.
One affected app is Malwarebytes, which said that "a significant percentage of our total support case volume" was related to the new kernel extension warning less than 24 hours after the public release of macOS 10.15.4.
If your software has a kernel extension, you are probably already being inundated with customer support concerns about the dialog shown here. It's going to get bad. A significant percentage of our total support case volume now relates to this, less than 24 hours later. 🤦♂️ pic.twitter.com/PtALDgFM58 — Thomas Reed (@thomasareed) March 25, 2020
Malwarebytes director Thomas Reed said Apple has a new EndpointSecurity framework as a replacement for kernel extensions:
We are aware of this, and have been working on replacing our kernel extension since late last year. We plan to replace it with Apple's new EndpointSecurity framework before the release of macOS 10.16, when it is assumed that kernel extensions will no longer work, in part or in full. (We only know that Apple has said they "will not work without compromise" in "a future version of macOS." But we'd rather not find out the hard way exactly what that means.)
The kernel extension will continue to be supported for macOS 10.14 (Mojave) and earlier, but macOS 10.15 (and later) will no longer need it, once we have an update available.
So, no need to panic. We've still got your back, and won't let your protection falter. All you've got to do is make sure you're keeping Malwarebytes for Mac up-to-date. If you have updated to at least version 4.2, and have not disabled the new auto-update feature, it'll update itself in the background without you needing to do anything. To ensure you're up-to-date, just open Malwarebytes and choose Check for Updates from the Malwarebytes menu.
Technical details for developers are available in an Apple document titled "Deprecated Kernel Extensions and System Extension Alternatives."
