Apple deprecating macOS kernel extensions (KEXTs) is a great win for security

Discussion in 'other security issues & news' started by guest, Feb 8, 2020.

  1. guest

    guest Guest

    Apple deprecating macOS kernel extensions (KEXTs) is a great win for security
    Apple kernel extension APIs to be deprecated in macOS 10.15.4
    February 7, 2020
    https://www.zdnet.com/article/apple...extensions-kexts-is-a-great-win-for-security/
     
  2. Rasheed187

    Rasheed187 Registered Member

  3. reasonablePrivacy

    reasonablePrivacy Registered Member

    It is similar to, but different from, PatchGuard. Apple makes hardware and software. On macOS you don't install drivers, because the OS already has them built-in. The Windows ecosystem is completely different in that regard and Microsoft must provide support to install 3rd-party drivers. These 3rd-party device drivers are executed in kernel-space. PatchGuard just provides some mitigation against modifications of certain other parts of the kernel, but device drivers are still executed in kernel-mode. A malicious driver may still change a lot of system memory addresses and there are even ways to bypass PatchGuard.
    macOS will completely remove the ability to install anything in kernel-mode created by a 3rd party. A very easy step, but also a very significant one.
     
  4. Rasheed187

    Rasheed187 Registered Member

    OK cool, didn't know about this. However, it sounds like so-called "kernel extensions" have the same capabilities that drivers on the Windows OS have. So I'm guessing that's why Apple wants to get rid of them. It will make it harder for malware to bypass security tools.

    Correct, but PatchGuard does interfere with most techniques being used by malicious drivers; they simply cannot modify the most important parts of the kernel. And all drivers must be signed, of course. At first I thought it was a dumb decision, but I later changed my mind; it was actually a good thing.
     
  5. guest

    guest Guest

    New macOS 10.15.4 warnings are a shot across the bow for kernel extensions
    This shouldn't be a surprise to developers
    March 25, 2020

    https://www.imore.com/new-macos-10154-warnings-are-shot-across-bow-kernel-extensions
    Kernel extension warning dialogs in macOS Catalina 10.15.4
     