Apple Updates Platform Security Guide, Says Kernel Extensions Won't Be Supported on Future Apple Silicon Macs

Apple today shared an updated version of its Platform Security Guide [PDF], providing a comprehensive overview of the latest security advancements across iOS 14, iPadOS 14, macOS Big Sur, tvOS 14, watchOS 7, and more.

For example, the guide provides security details about Safari's optional Password Monitoring feature on iOS 14 and macOS Big Sur, which automatically keeps an eye out for any saved passwords that may have been involved in a data breach. Apple also outlines the security of its new digital car keys feature on the iPhone and Apple Watch.

Apple updated its "commitment to security" preamble, touting the security advantages of Apple-designed chips across the iPhone, iPad, Apple Watch, and Mac:

Apple continues to push the boundaries of what's possible in security and privacy. This year Apple devices with Apple SoC's across the product lineup from Apple Watch to iPhone and iPad, and now Mac, utilize custom silicon to power not only efficient computation, but also security. Apple silicon forms the foundation for secure boot, Touch ID and Face ID, and Data Protection, as well as system integrity features never before featured on the Mac including Kernel Integrity Protection, Pointer Authentication Codes, and Fast Permission Restrictions. These integrity features help prevent common attack techniques that target memory, manipulate instructions, and use javascript on the web. They combine to help make sure that even if attacker code somehow executes, the damage it can do is dramatically reduced.

New sections have been added for Macs with Apple silicon, outlining the security of the boot process, boot modes, startup disk, Rosetta 2 translation process for running Intel-based Mac apps, FileVault, Activation Lock, and more.

As expected, the guide confirms that kernel extensions will not be supported on future Macs with Apple silicon (emphasis ours):

In addition to enabling users to run older versions of macOS, Reduced Security is required for other actions that can put a user's system security at risk, such as introducing third-party kernel extensions (kexts). Kexts have the same privileges as the kernel, and thus any vulnerabilities in third-party kexts can lead to full operating system compromise. This is why developers are being strongly encouraged to adopt system extensions before kext support is removed from macOS for future Mac computers with Apple silicon.

macOS Catalina was the last version of macOS to fully support kernel extensions. Apple says kernel extensions are no longer recommended for macOS, noting that they pose a risk to the integrity and reliability of the operating system.

Starting with macOS Catalina, developers have been able to use system extensions that run in user space rather than at the kernel level. System extensions running in user space are granted only the privileges necessary to perform their specified function, which increases the stability and security of macOS, according to Apple.

Apple includes a document revision history section in the Platform Security Guide with a list of all new and updated information.

Apple also has a new Security Certifications and Compliance Center.

Top Rated Comments

chucker23n1
8 months ago
"Apple continues to push the boundaries of what's possible in security and privacy."

I mean, sure, yes. But also: "Apple continues to reduce the ceiling of what's possible in macOS."
Score: 28 Votes
asiga
8 months ago
At the end, their goal is that MacOS is just iPadOS with Terminal and Xcode.
Score: 26 Votes
jameslmoser
8 months ago
Anyone surprised by this hasn't been paying attention. Apple is transforming Macs into Apple Service Appliances, and allowing you to customize your OS and install stuff from other places than the App store or developer signed Apps doesn't make them any money.
Score: 16 Votes
aednichols
8 months ago
Herding developers to run app code in userspace instead of the kernel is just a good idea in general.

I've already been avoiding kext-based apps where possible for years.
Score: 16 Votes
leman
8 months ago
Anyone surprised by this has not been following macOS development for the last couple of years. Kernel extensions are out, userland drivers are in.


I mean, sure, yes. But also: "Apple continues to reduce the ceiling of what's possible in macOS."
If DriverKit supports enough relevant use cases, I don't see a problem.


Apple is inching MacOS to full Mach, which would be awesome... killing kernel extensions before having third-party GPU support will be interesting. What is old is new again https://en.wikipedia.org/wiki/MkLinux
There won't be any third party GPU support on Apple Silicon. Why would Apple sabotage the developer and user experience ecosystem they have been painstakingly building?


VirtualBox
Made irrelevant by the new virtualization framework. Parallels Preview runs on M1 without any kernel extensions.
Score: 14 Votes
jrlcopy
8 months ago
Umm.... that's like a decent amount of professional apps.
Score: 8 Votes