Apple Updates Platform Security Guide, Says Kernel Extensions Won't Be Supported on Future Apple Silicon Macs

Apple today shared an updated version of its Platform Security Guide [PDF], providing a comprehensive overview of the latest security advancements across iOS 14, iPadOS 14, macOS Big Sur, tvOS 14, watchOS 7, and more.

apple devices mac iphone ipad watch collage
For example, the guide provides security details about Safari's optional Password Monitoring feature on iOS 14 and macOS Big Sur, which automatically keeps an eye out for any saved passwords that may have been involved in a data breach. Apple also outlines the security of its new digital car keys feature on the iPhone and Apple Watch.

Apple updated its "commitment to security" preamble, touting the security advantages of Apple-designed chips across the iPhone, iPad, Apple Watch, and Mac:

Apple continues to push the boundaries of what's possible in security and privacy. This year Apple devices with Apple SoC's across the product lineup from Apple Watch to iPhone and iPad, and now Mac, utilize custom silicon to power not only efficient computation, but also security. Apple silicon forms the foundation for secure boot, Touch ID and Face ID, and Data Protection, as well as system integrity features never before featured on the Mac including Kernel Integrity Protection, Pointer Authentication Codes, and Fast Permission Restrictions. These integrity features help prevent common attack techniques that target memory, manipulate instructions, and use javascript on the web. They combine to help make sure that even if attacker code somehow executes, the damage it can do is dramatically reduced.

New sections have been added for Macs with Apple silicon, outlining the security of the boot process, boot modes, startup disk, Rosetta 2 translation process for running Intel-based Mac apps, FileVault, Activation Lock, and more.

As expected, the guide confirms that kernel extensions will not be supported on future Macs with Apple silicon (emphasis ours):

In addition to enabling users to run older versions of macOS, Reduced Security is required for other actions that can put a user's system security at risk, such as introducing third-party kernel extensions (kexts). Kexts have the same privileges as the kernel, and thus any vulnerabilities in third-party kexts can lead to full operating system compromise. This is why developers are being strongly encouraged to adopt system extensions before kext support is removed from macOS for future Mac computers with Apple silicon.

macOS Catalina was the last version of macOS to fully support kernel extensions. Apple says kernel extensions are no longer recommended for macOS, noting that they pose a risk to the integrity and reliability of the operating system.

Starting with macOS Catalina, developers have been able to use system extensions that run in user space rather than at the kernel level. System extensions running in user space are granted only the privileges necessary to perform their specified function, which increases the stability and security of macOS, according to Apple.

Apple includes a document revision history section in the Platform Security Guide with a list of all new and updated information.

Apple also has a new Security Certifications and Compliance Center.

Top Rated Comments

chucker23n1 Avatar
24 months ago
"Apple continues to push the boundaries of what's possible in security and privacy."

I mean, sure, yes. But also: "Apple continues to reduce the ceiling of what's possible in macOS."
Score: 28 Votes (Like | Disagree)
asiga Avatar
24 months ago
At the end, their goal is that MacOS is just iPadOS with Terminal and Xcode.
Score: 26 Votes (Like | Disagree)
jameslmoser Avatar
24 months ago
Anyone surprised by this hasn't been paying attention. Apple is transforming Macs into Apple Service Appliances, and allowing you to customize your OS and install stuff from other places than the App store or developer signed Apps doesn't make them any money.
Score: 16 Votes (Like | Disagree)
aednichols Avatar
24 months ago
Herding developers to run app code in userspace instead of the kernel is just a good idea in general.

I've already been avoiding kext-based apps where possible for years.
Score: 16 Votes (Like | Disagree)
leman Avatar
24 months ago
Anyone surprised by this has not been following macOS development for the last couple of years. Kernel extensions are out, userland drivers are in.


I mean, sure, yes. But also: "Apple continues to reduce the ceiling of what's possible in macOS."
If DriverKit supports enough relevant use cases, I don't see a problem.


Apple is inching MacOS to full Mach, which would be awesome... killing kernel extensions before having third-party GPU support will be interesting. What is old is new again https://en.wikipedia.org/wiki/MkLinux
There won't be any third party GPU support on Apple Silicon. Why would Apple sabotage the developer and user experience ecosystem they have been painstakingly bulding?


VirtualBox
Made irrelevant by the new virtualization framework. Parallels Preview runs on M1 without any kernel extensions.
Score: 14 Votes (Like | Disagree)
jrlcopy Avatar
24 months ago
Umm.... that's like a decent amount of professional apps.
Score: 8 Votes (Like | Disagree)

Related Stories

new m1 chip

Key M1 Mac Engineer Departs Apple for Intel

Thursday January 6, 2022 2:31 pm PST by
Apple's former Director of Mac System Architecture Jeff Wilcox this week announced that he has left Apple to take on a new role at Intel. As noted on LinkedIn (via Tom's Hardware), Wilcox was part of Apple's M1 team and he had a key role in the transition from Intel chips to Apple silicon. Wilcox's profile says that he "led the transition" for all Macs to Apple silicon, and prior to that, he ...
OneDrive

Microsoft OneDrive Gains Native Support for Apple Silicon Macs

Monday February 28, 2022 5:21 pm PST by
Microsoft has been testing a pre-release Apple silicon version of OneDrive since last year, and now the native version of the app is available for all OneDrive users. "We're excited to announce that OneDrive sync for macOS will now run natively on Apple silicon. This means that OneDrive will take full advantage of the performance improvements of Apple silicon," Microsoft said in an...
macOS Monterey on MBP Feature

Apple Seeds Third macOS Monterey 12.3 Beta to Developers

Tuesday February 15, 2022 10:13 am PST by
Apple today seeded the third beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the second macOS Monterey 12.3 beta. Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
General Dropbox Feature

Apple Confirms macOS 12.3 Deprecates Kernel Extensions Used by Dropbox and OneDrive

Thursday January 27, 2022 11:29 am PST by
Apple today seeded the first beta of macOS 12.3 to developers for testing. In the release notes for the update, Apple confirms that it has deprecated kernel extensions used by Dropbox and Microsoft OneDrive and notes that both cloud storage services have replacements for the functionality currently in beta. Earlier this week, Dropbox announced that users who update to macOS 12.3 may...
apple silicon discord

Discord With Native Apple Silicon Support Now Rolling Out

Tuesday March 22, 2022 4:28 am PDT by
A version of Discord with native support for Apple silicon Macs is now rolling out to users, almost a year and a half after the first Macs with Apple silicon chips were shipped to customers. Until now, Discord users have had to rely on Rosetta 2 technology to use Discord on Apple's latest Macs. While usable, Discord on Rosetta 2, which translates apps made for Intel-based Macs to run on...
macOS Big Sur Feature Orange

Apple Seeds macOS Big Sur 11.6.1 Beta to Developers With Security Fixes

Thursday September 30, 2021 1:53 pm PDT by
Apple today seeded a macOS Big Sur 11.6.1 beta to developers for testing purposes, with the update coming two weeks after the launch of macOS Big Sur 11.6. Registered developers can download the beta through the Apple Developer Center and once the appropriate profile is installed, betas will be available through the Software Update mechanism in System Preferences. According to Apple's...
password hide security recommendation ios 15 4

iOS 15.4 Beta Adds Option to Hide iCloud Keychain Security Recommendations

Tuesday February 1, 2022 9:59 am PST by
For iCloud Keychain passwords, Apple has long offered security recommendations for weak, compromised, or repeated passwords that need updating for maximum protection, but in some situations, you might have passwords that you can't change and annoying alerts you can't get rid of. That's changing in iOS 15.4, which is currently in beta testing. In the iOS 15.4 update, any security...
macOS Monterey on MBP Feature

Apple Releases macOS Monterey 12.3 With Universal Control, Spatial Audio Dynamic Head Tracking on M1 Macs and More

Monday March 14, 2022 9:44 am PDT by
Apple today released macOS Monterey 12.3, the third major update to the macOS Monterey operating system that launched in October 2021. macOS Monterey 12.3 comes more than a month after the launch of macOS 12.2, an update that addressed a Safari vulnerability. The ‌‌‌‌macOS Monterey‌ 12.3‌‌ update can be downloaded on all eligible Macs using the Software Update section of System ...

Popular Stories

maxresdefault

Can't Get an iPhone 14 Pro? Here's Why You Should Wait for the iPhone 15 Ultra

Monday December 5, 2022 11:44 am PST by
Due to production issues at Apple supplier factories in China, the iPhone 14 Pro and iPhone 14 Pro Max are backordered and basically out of stock at every store. If you were planning to gift or receive an iPhone 14 Pro model for the holidays and didn't already get one, you're basically out of luck because they're gone until late December. Subscribe to the MacRumors YouTube channel for more ...
Apple advanced security Advanced Data Protection screen Feature

FBI Calls End-to-End Encryption 'Deeply Concerning' as Privacy Groups Hail Apple's Advanced Data Protection as a Victory for Users

Thursday December 8, 2022 2:45 am PST by
Apple yesterday announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages, photos, and more, meeting the longstanding demand of both users and privacy groups who have rallied for the company to take the significant step forward in user privacy. iCloud end-to-end encryption, or what Apple calls "Advanced Data Protection,"...
General iOS 16 Feature Yellow

iOS 16.2 for iPhone Launching This Month With These 8 New Features

Thursday December 1, 2022 8:44 am PST by
Apple plans to publicly release iOS 16.2 for the iPhone in mid-December, according to Bloomberg's Mark Gurman. The update remains in beta testing for now, with at least eight new features and changes already uncovered so far. iOS 16.2 introduces a number of new features, including Apple's new whiteboard app Freeform, two new Lock Screen widgets for Sleep and Medications, the ability to hide...
maxresdefault

Hands-On With Apple Music Sing in iOS 16.2

Wednesday December 7, 2022 12:24 pm PST by
With the iOS 16.2 release candidate that came out today, Apple added the new Apple Music Sing feature that was announced earlier this week. We thought we'd check out the new karaoke feature to see how it works. Subscribe to the MacRumors YouTube channel for more videos. Apple Music Sing is available on modern iPhones and iPads, as well as the newest Apple TV 4K. It's built in to the Apple...
Apple car wheel icon feature yellow

Apple to Charge Under $100,000 for Apple Car, Launch Planned for 2026

Tuesday December 6, 2022 2:31 pm PST by
Apple is aiming to launch an Apple-branded consumer-oriented vehicle by 2026, and its goal is to hit a price point under $100,000 to make the car appeal to a wider range of customers, reports Bloomberg. Apple initially planned to design a car that might look similar to Canoo's Lifestyle Vehicle, where passengers could face one another in a limousine-style car with no steering wheel or...
General iOS 16 Feature Yellow

iOS 16.2 for iPhone Expected to Launch Next Week With These 12 New Features

Thursday December 8, 2022 7:05 am PST by
iOS 16.2 is expected to be released next week following nearly two months of beta testing. With last-minute additions like Apple Music Sing and Advanced Data Protection, the software update now has over a dozen new features for the iPhone. Below, we've recapped many of the new features coming with iOS 16.2, including Apple's new whiteboard app Freeform, two new Lock Screen widgets, the...
introducing apple music sing

Apple Music Adding a Karaoke Experience With Apple Music Sing

Tuesday December 6, 2022 7:09 am PST by
Apple today announced Apple Music Sing, a new feature in Apple Music that lets users sing their favorite songs with adjustable vocals and more. Apple Music Sing will utilize Apple Music's real-time lyrics to allow users to sing to their favorite songs using adjustable vocals, background vocals, and duet view to allow more than one singer.Apple Music Sing includes: Adjustable vocals: Users...
Twitter Feature

Twitter to Charge $11 Per Month for Twitter Blue on iPhone, $7 on Website

Wednesday December 7, 2022 6:47 pm PST by
Twitter plans to charge $11 per month for a Twitter Blue subscription on the iPhone in order to account for the 30 percent cut that Apple takes from in-app purchases, reports The Information. On the web, Twitter Blue will be priced at $7 per month. Prior to when Twitter Blue was paused, Twitter was charging $7.99 for a subscription, but the pricing will change before it relaunches. According ...
Apple advanced security Advanced Data Protection screen Feature

Apple Announces End-to-End Encryption Option for iCloud Photos, Notes, Backups, and More

Wednesday December 7, 2022 10:00 am PST by
Apple today announced it is expanding end-to-end encryption to many additional iCloud data categories on an opt-in basis for enhanced security. iCloud already protects 14 data categories using end-to-end encryption by default, including the Messages app when backups are disabled, passwords stored in iCloud Keychain, Health data, Apple Maps search history, Apple Card transactions, and more,...