macOS 11 Big Sur: 5 Security and Privacy Changes You Need to Know
Unveiled at the 2020 Worldwide Developers Conference (WWDC) in June, macOS Big Sur is the newest version of Apple’s operating system, bringing not only a big upgrade in terms of design but improved security and privacy features as well.
WWDC 2020 took place for the first time as a virtual event due to the coronavirus pandemic. As the company detailed in its keynote, Apple will double down on data protection not only in macOS Big Sur but in the upcoming iOS14 and Safari releases as well.
Set to be released this fall, macOS Big Sur features major updates and improvements, marking the jump to version 11 as well. Maintaining the recent trend of borrowing names from California’s most beautiful spots, the name of the latest OS is inspired by a rugged stretch of the Central Coast of California. Following macOS 10.15 Catalina, this new version is the biggest change to Apple’s operating system in years.
We’ve collected the major upgrades in security and privacy that macOS 11 brings:
1. Shift from KEXTs to System Extensions
With macOS Big Sur, Apple has officially started to deprecate kernel extensions (KEXTs) in favor of System Extensions. This means that deprecated kernel extensions will not load by default in macOS Big Sur. The use of KEXTs triggers a notification to the user, letting them know that a software uses deprecated kernel extensions and asking them to contact the developer for alternatives.
Apple’s new System Extensions improve the reliability and security of macOS, by cutting off access to the macOS kernel and allowing code to be executed only in a controlled user-space. To ensure that security apps can continue to protect users from malware or data loss, Apple developed a series of specialized frameworks such as the Endpoint Security Framework. In this way, developers are provided with the capabilities they need to fully implement their tools.
In macOS Big Sur, Safari will include a new “Privacy Report” button that will give users more insights into how websites track their data, as well as the option to check if any of their passwords have been compromised in a data breach.
Additionally, more browser extensions will be supported in Safari, and, with privacy and security in mind, users will be able to choose when and which websites a Safari extension can work with.
3. Signed system volume
macOS Big Sur introduces a cryptographically signed system volume that ensures protection against malicious tampering. This also allows to start software updates in the background, as the Mac knows the exact layout of the system volume.
4. Self-reported privacy practices
An important privacy-oriented feature on macOS Big Sur is the addition of increased transparency and control over the user’s privacy information. Apple is asking developers to self-report their app privacy practices on the App Store, thus informing users about the permissions requested by various apps.
5. Privacy information on the App Store
A new section on each app’s page on the App Store will be added to help users understand the privacy practices of the app before they download it. Users will be able to see what types of data the app might collect (e.g. contact information, location) and whether that data is shared with third parties. Similar to nutrition labels, an app’s privacy information on the App Store will be displayed in a consistent, simple format and let the user quickly and easily understand the app’s privacy practices.
With the newest version of its operating system, Apple underlines that security and privacy matter more than ever. Currently, macOS Big Sur is in developer beta, and a public beta is expected in July.
We at Endpoint Protector are excited to announce that we continue our history of offering zero-day support for Apple’s new operating systems. We’re also rolling out a KEXTless agent that will allow our users to update to the latest version of the OS and to transition to system extension-based DLP protection.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.