Apple Updates Platform Security Guide, Says Kernel Extensions Won't Be Supported on Future Apple Silicon Macs

Apple today shared an updated version of its Platform Security Guide [PDF], providing a comprehensive overview of the latest security advancements across iOS 14, iPadOS 14, macOS Big Sur, tvOS 14, watchOS 7, and more.

apple devices mac iphone ipad watch collage
For example, the guide provides security details about Safari's optional Password Monitoring feature on iOS 14 and macOS Big Sur, which automatically keeps an eye out for any saved passwords that may have been involved in a data breach. Apple also outlines the security of its new digital car keys feature on the iPhone and Apple Watch.

Apple updated its "commitment to security" preamble, touting the security advantages of Apple-designed chips across the iPhone, iPad, Apple Watch, and Mac:

Apple continues to push the boundaries of what's possible in security and privacy. This year Apple devices with Apple SoC's across the product lineup from Apple Watch to iPhone and iPad, and now Mac, utilize custom silicon to power not only efficient computation, but also security. Apple silicon forms the foundation for secure boot, Touch ID and Face ID, and Data Protection, as well as system integrity features never before featured on the Mac including Kernel Integrity Protection, Pointer Authentication Codes, and Fast Permission Restrictions. These integrity features help prevent common attack techniques that target memory, manipulate instructions, and use javascript on the web. They combine to help make sure that even if attacker code somehow executes, the damage it can do is dramatically reduced.

New sections have been added for Macs with Apple silicon, outlining the security of the boot process, boot modes, startup disk, Rosetta 2 translation process for running Intel-based Mac apps, FileVault, Activation Lock, and more.

As expected, the guide confirms that kernel extensions will not be supported on future Macs with Apple silicon (emphasis ours):

In addition to enabling users to run older versions of macOS, Reduced Security is required for other actions that can put a user's system security at risk, such as introducing third-party kernel extensions (kexts). Kexts have the same privileges as the kernel, and thus any vulnerabilities in third-party kexts can lead to full operating system compromise. This is why developers are being strongly encouraged to adopt system extensions before kext support is removed from macOS for future Mac computers with Apple silicon.

macOS Catalina was the last version of macOS to fully support kernel extensions. Apple says kernel extensions are no longer recommended for macOS, noting that they pose a risk to the integrity and reliability of the operating system.

Starting with macOS Catalina, developers have been able to use system extensions that run in user space rather than at the kernel level. System extensions running in user space are granted only the privileges necessary to perform their specified function, which increases the stability and security of macOS, according to Apple.

Apple includes a document revision history section in the Platform Security Guide with a list of all new and updated information.

Apple also has a new Security Certifications and Compliance Center.

Top Rated Comments

chucker23n1 Avatar
40 months ago
"Apple continues to push the boundaries of what's possible in security and privacy."

I mean, sure, yes. But also: "Apple continues to reduce the ceiling of what's possible in macOS."
Score: 28 Votes (Like | Disagree)
asiga Avatar
40 months ago
At the end, their goal is that MacOS is just iPadOS with Terminal and Xcode.
Score: 26 Votes (Like | Disagree)
jameslmoser Avatar
40 months ago
Anyone surprised by this hasn't been paying attention. Apple is transforming Macs into Apple Service Appliances, and allowing you to customize your OS and install stuff from other places than the App store or developer signed Apps doesn't make them any money.
Score: 16 Votes (Like | Disagree)
aednichols Avatar
40 months ago
Herding developers to run app code in userspace instead of the kernel is just a good idea in general.

I've already been avoiding kext-based apps where possible for years.
Score: 16 Votes (Like | Disagree)
leman Avatar
40 months ago
Anyone surprised by this has not been following macOS development for the last couple of years. Kernel extensions are out, userland drivers are in.


I mean, sure, yes. But also: "Apple continues to reduce the ceiling of what's possible in macOS."
If DriverKit supports enough relevant use cases, I don't see a problem.


Apple is inching MacOS to full Mach, which would be awesome... killing kernel extensions before having third-party GPU support will be interesting. What is old is new again https://en.wikipedia.org/wiki/MkLinux
There won't be any third party GPU support on Apple Silicon. Why would Apple sabotage the developer and user experience ecosystem they have been painstakingly bulding?


VirtualBox
Made irrelevant by the new virtualization framework. Parallels Preview runs on M1 without any kernel extensions.
Score: 14 Votes (Like | Disagree)
jrlcopy Avatar
40 months ago
Umm.... that's like a decent amount of professional apps.
Score: 8 Votes (Like | Disagree)

Popular Stories

iOS 17

10 New Things Your iPhone Can Do in Next Week's iOS 17.4 Update

Friday March 1, 2024 1:30 am PST by
Apple will this month release iOS 17.4, its biggest iPhone software update of the year so far, featuring a number of features and changes that users have been anticipating for quite a while. Below, we've listed 10 new things that your iPhone will be able to do after you've installed the update, which is projected to arrive by March 7. When the day arrives, be sure to check Settings ➝...
Apple Maps vs Google Maps Feature

Apple Maps vs. Google Maps: Which Is Better?

Friday March 1, 2024 7:10 am PST by
Apple Maps has been providing navigational guidance to Apple users for almost 13 and a half years now, and much has changed about the app in that time. However, according to data from Canalys, the overwhelming majority of iPhones in the U.S. still have Google Maps downloaded as an alternative to Apple Maps, which comes preinstalled on all iPhones. We want to hear from MacRumors readers. Which do...
Apple Logo Spotlight

Source: Apple to Announce New Products This Week

Sunday March 3, 2024 11:38 am PST by
Apple plans to announce new products with press releases on its website this week, a proven source familiar with the matter told MacRumors. While the products that Apple plans to announce have not been disclosed, there are rumors about new iPads, Macs, and accessories. It is unclear exactly what will be announced this week. Bloomberg's Mark Gurman today reiterated that Apple is planning new...
apple tv plus banner

Apple TV+ Gains Over 50 Movies for a Limited Time

Friday March 1, 2024 6:29 am PST by
Apple TV+ today gained over 50 movies, adding to its back catalog of content for a limited time. The collection includes a large number of popular and classic titles. Subscribers can access the movies in a "Great Movies on Apple TV+" section in the Apple TV app. Some titles are also available in 3D. Movies in the collection include: 21 Jump Street 300 American Sniper Argo ...
iPad Air 12

Gurman: No Apple Event Planned for Upcoming iPads and Macs

Sunday March 3, 2024 5:09 am PST by
Apple does not plan to hold a traditional event to unveil new iPads and Macs, according to Bloomberg's Mark Gurman. Instead, he said Apple plans to announce the products on its website with a "series of online videos and marketing campaigns." If this plan is accurate, we can expect the new products to be announced with press releases on the Apple Newsroom website. Gurman expects Apple to...
airpods pro 2 pink

Apple Releases New Beta Firmware for AirPods Pro 2

Thursday February 29, 2024 11:41 am PST by
Apple today introduced a new beta firmware update for the AirPods Pro 2, both the USB-C and Lightning versions. The new firmware is version 6E188, up from the prior 6B34 firmware released in December. Apple does not often provide details or notes on what features might be included in the refreshed firmware, so it is unclear what's new. Note that this software is limited to developers at the...