KEXTless DLP for macOS Big Sur
As we head into Apple’s 2020 Worldwide Developers Conference (WWDC), taking place 22 – 26 June online free of charge this year, excitement is mounting over the rollout of macOS Catalina 10.15.4 which will begin the deprecation of kernel extensions in favor of Apple’s new system extensions. What will this mean for developers and Data Loss Prevention tools? Let’s take a closer look.
Apple introduced system extensions with the release of macOS Catalina 10.15.0 in September 2019, after announcing its plans to deprecate kernel extensions (KEXTs) at WWDC 2019. While the new extensions were used in parallel with kernel extensions until now, macOS Catalina 10.15.4 will officially begin deprecating KEXTs.
What this essentially means is that the use of kernel extensions will now trigger a notification to the user, letting them know when software uses deprecated KEXTs and asking them to contact the developer for alternatives.
KEXTs vs KEXTless
KEXTs and system extensions both allow users to install apps that extend the native features and functions of the macOS operating system. The difference between them is the level at which the code runs.
Until now, whenever an app was developed for macOS, it used KEXTs to execute code at kernel level. However, giving developers access to the macOS kernel also gave potential attackers a way in. Cybercriminals have exploited third-party KEXTs in the past or have developed their own signed kernel extensions that they then used in attacks.
Apple’s new system extensions will cut off access to the macOS kernel and allow code to be executed only in a controlled user-space. In this way, the overall security of macOS will be greatly improved by eliminating a popular attack vector for the operating system.
Concerns were raised that system extensions would reduce the efficiency of macOS security tools in particular, since these tools relied heavily on full kernel access. To ensure that security apps can continue to protect users from malware or data loss, Apple developed a series of specialized frameworks, such as the Endpoint Security Framework, to give developers the capabilities they need to fully implement their tools.
Endpoint Protector, KEXTless DLP for macOS
Endpoint Protector prides itself on being the most trusted Data Loss Prevention (DLP) solution for macOS on the market. From its very inception, it has been a cross-platform solution that addresses the needs of macOS and Windows users equally. It offers feature parity for both operating systems, meaning that, regardless of whether computers run on macOS or Windows, they will receive the same level of protection and be able to use the same features and policies.
Following its tradition of always being ahead of the game, Endpoint Protector will offer zero-day support for Catalina 10.15.4 and a new KEXTless agent that will allow users updating to the latest version of the OS to transition to system extension-based DLP protection. The KEXTless agent was built on Apple’s new Endpoint Security Framework, making Endpoint Protector one of the first DLP vendors to release an agent that doesn’t use a kernel extension.
While Apple has announced that macOS Catalina will be the last macOS to fully support legacy system extensions, Endpoint Protector’s legacy client will continue to work on older versions of the operating system, from macOS 10.8 to macOS 10.15. The Endpoint Protector macOS legacy client is notarized under the Apple notarization requirement, which gives users an extra layer of assurance that the software they download and run has been checked for known security issues.
We look forward to the launch of macOS Catalina 10.15.4 and the advent of a KEXTless, more secure macOS. Endpoint Protector will continue to bring its award-winning DLP tools to Mac users around the world through its new system extension agent.