Unveiled at the 2020 Worldwide Developers Conference (WWDC) in June, macOS Big Sur is the newest version of Apple’s operating system, bringing not only a big upgrade in terms of design but improved security and privacy features as well.
WWDC 2020 took place for the first time as a virtual event due to the coronavirus pandemic. As the company detailed in its keynote, Apple will double down on data protection not only in macOS Big Sur but in the upcoming iOS14 and Safari releases as well.
Security and Privacy Changes in macOS Big Sur
Set to be released this fall, macOS Big Sur features major updates and improvements, marking the jump to version 11 as well. Maintaining the recent trend of borrowing names from California’s most beautiful spots, the name of the latest OS is inspired by a rugged stretch of the Central Coast of California. Following macOS 10.15 Catalina, this new version is the biggest change to Apple’s operating system in years.
We’ve collected the major upgrades in security and privacy that macOS 11 brings:
1. Shift from KEXTs to System Extensions
With macOS Big Sur, Apple has officially started to deprecate kernel extensions (KEXTs) in favor of System Extensions. This means that deprecated kernel extensions will not load by default in macOS Big Sur. The use of KEXTs triggers a notification to the user, letting them know that a software uses deprecated kernel extensions and asking them to contact the developer for alternatives.
Apple’s new System Extensions improve the reliability and security of macOS, by cutting off access to the macOS kernel and allowing code to be executed only in a controlled user-space. To ensure that security apps can continue to protect users from malware or data loss, Apple developed a series of specialized frameworks such as the Endpoint Security Framework. In this way, developers are provided with the capabilities they need to fully implement their tools.
In macOS Big Sur, Safari will include a new “Privacy Report” button that will give users more insights into how websites track their data, as well as the option to check if any of their passwords have been compromised in a data breach.
Additionally, more browser extensions will be supported in Safari, and, with privacy and security in mind, users will be able to choose when and which websites a Safari extension can work with.
3. Signed system volume
macOS Big Sur introduces a cryptographically signed system volume that ensures protection against malicious tampering. This also allows to start software updates in the background, as the Mac knows the exact layout of the system volume.
4. Self-reported privacy practices
An important privacy-oriented feature on macOS Big Sur is the addition of increased transparency and control over the user’s privacy information. Apple is asking developers to self-report their app privacy practices on the App Store, thus informing users about the permissions requested by various apps.
5. Privacy information on the App Store
A new section on each app’s page on the App Store will be added to help users understand the privacy practices of the app before they download it. Users will be able to see what types of data the app might collect (e.g. contact information, location) and whether that data is shared with third parties. Similar to nutrition labels, an app’s privacy information on the App Store will be displayed in a consistent, simple format and let the user quickly and easily understand the app’s privacy practices.
With the newest version of its operating system, Apple underlines that security and privacy matter more than ever. Currently, macOS Big Sur is in developer beta, and a public beta is expected in July.
We at Endpoint Protector are excited to announce that we continue our history of offering zero-day support for Apple’s new operating systems. We’re also rolling out a KEXTless agent that will allow our users to update to the latest version of the OS and to transition to system extension-based DLP protection.
Frequently Asked Questions
There are seven supported product lines for macOS 11 Big Sur:
- Mac Pro (2013 or newer)
- MacBook Air (2013 or newer)
- MacBook Pro (Late 2013 or newer)
- Mac Mini (2014 or newer)
- iMac (2014 or newer)
- MacBook (2015 or newer)
- iMac Pro (2017 or newer)
Yes. Endpoint Protector is among the best and most trusted DLP solutions for macOS users on the market, offering zero-day support for new macOS versions. Zero-day support means that companies can confidently allow employees to deploy the latest macOS versions as Endpoint Protector will be compatible with them, and data protection will continue as normal. The newest version of Endpoint Protector comes with a kextless agent built on Apple's new Endpoint Security Framework, making Endpoint Protector a pioneer DLP vendor to release an agent that doesn't use a kext (kernel extension).
Endpoint Protector is a Data Loss Prevention (DLP) solution that directly protects sensitive categories of data such as Personally Identifiable Information (PII) or Intellectual Property (IP), thus reducing the risk of a data breach. Our solution offers zero-day support for new macOS versions. By deploying Endpoint Protector, companies get the following benefits:
- Data visibility and protection: The solution monitors and logs the movements of sensitive data, and offers the possibility to address policy violations. With its powerful PII Scanner, companies can search over 100 file types on Macs for sensitive data.
- Granular policies: Endpoint Protector allows companies to apply its policies to different groups, departments, individuals, and devices. The solution comes with an extensive database of predefined policies for the most common types of sensitive data.
- Removable device control and encryption: Our DLP monitors and controls Macs’ USB and peripheral ports, while our encryption solution can be automatically deployed to any trusted USB storage device connected to an endpoint.
Macs’ increasing popularity in the work environment, especially among C-level executives, has made them an attractive target for malicious outsiders. Furthermore, they are also just as vulnerable as computers running on other operating systems to human error. For safeguarding data on Macs, companies should consider the following security tools:
- Antivirus & antimalware: to stop outsider threats and fight against the latest security threats
- Data Loss Prevention (DLP): to reduce the risk of insider threats, including malicious intentions and human error
- Encryption: to protect data in case of device loss or theft, by encrypting entire drives (with FileVault) or sensitive files when they are transferred to portable devices
- Backup: an easy way to fight ransomware by using the built-in backup tool, Time Machine, other popular bootable backup solutions, or online backup through the cloud
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.