Kernel Extensions Are Bad for Security

Apple clarified this in an updated version of its Platform Security Guide, which details the latest security features in iOS 14, iPadOS 14, macOS Big Sur, tvOS 14, and watchOS 7. The guide acknowledges that third-party kernel extensions are bad from a security standpoint.

The 196-page document, available on Apple Support and as a PDF document, explains that a third-party kernel extension has the same privileges as the macOS kernel. As a result, any vulnerabilities found in a kernel extension can lead to full operating system compromise.

Aside from the refreshed Apple Platform Security guide, the company also debuted a new Security Certifications and Compliance Center on its website, providing crucial security and privacy-related information about Apple hardware, software, and services.

macOS also includes a feature called System Integrity Protection that actively shields parts of your system from modification, and blocks the installation of insecure extensions.

About macOS Kernel Extensions

In many operating systems, the kernel is the central component that has complete control over all the system resources. Always resident in memory, the kernel handles crucial low-level operations such as memory allocation, peripheral access, I/O requests, and more. It’s one of the first software components that load when you turn on your Mac.

Kernel extensions permit developers to inject custom code into the macOS kernel, usually to enable compatibility with certain peripherals or to create very advanced apps. However, Apple no longer recommends using macOS kernel extensions.

macOS Catalina, released more than two years ago, was the last version of the Mac operating system to support kernel extensions. Apple now provides system extensions as a way of extending macOS functionality without potentially compromising security.

Unlike kernel extensions, system extensions run in user space rather than at the kernel level, so they have limited privileges.

About macOS System Extensions

Here’s how Apple’s support document describes macOS system extensions:

A system extension may seek user permission before it’s loaded. In that case, the user will be asked to open the Security & Privacy preferences to allow the extension.

If your Mac is using an outdated third-party extension, you may see a system alert. In that case, you should reach out to its developer and inquire about compatibility. Such outdated extensions need to be updated or will be incompatible with a future version of macOS.