
So, what is a KEXT, and why should you care?
Only to stay abreast of security upgrades by (arguably) the global leader in the design of technology. Apple products are simply superior, or so their users will tell you.
Identifying and eliminating problems, or obstacles, eons before they actually happen is an art form Apple has all but mastered. And KEXTs are just the latest technology they are allowing to expire.
Kernel Extensions and OS X
Kernel Extensions, sometimes referred to as KEXTs, let developers load code directly into the macOS kernel.
Because the kernel is in charge of everything on the system, a Kernel Extension inherits the kernel's privileges, and developers leverage those "kernel privileges" to create very powerful apps.
So, what is a KEXT? A powerful tool for good, in the right hands. For example, kernel extensions can create virtualization applications that run Windows OS inside of macOS.
The Downside of KEXTs
Kernel extensions are inherently a stability and security nightmare. Kernel code takes priority over every other system function, which makes the kernel a slippery environment to develop and debug in. A minor bug can trigger a kernel panic and bring the whole system down.
From a security standpoint, the kernel is the definer and enforcer of security policies, and kernel extensions run within it, unbound by the macOS security policies they sit beneath.
If a KEXT has a bug that leaves it open to being compromised, it isn't just the app that is at risk. It's the entire system, and there is no security policy that can restrain code running inside the kernel.
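Because every loaded third-party KEXT carries this whole-system risk, the first defensive step is simply knowing which ones are present. The script below is an added example, not code from the original post: it reads `kextstat`-style output (the constructed sample lines are embedded; on a real Mac you would pipe in `kextstat`, or `kmutil showloaded` on macOS 11 and later) and lists every loaded kernel extension whose bundle identifier is not under `com.apple.`. The vendor names and UUIDs in the sample are invented for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): inventory third-party kernel
# extensions from kextstat-style output.
#
# Column layout of kextstat:
#   Index Refs Address Size Wired Name (Version) UUID <Linked Against>
# Constructed sample input; the vendor bundle ids and UUIDs are made up.
SAMPLE_KEXTSTAT='Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
    1  150 0xffffff7f80000000 0x8000     0x8000     com.apple.kpi.bsd (19.6.0) 8D7A1C2E-0000-0000-0000-000000000001 <>
    2   10 0xffffff7f80010000 0x3000     0x3000     com.apple.kpi.dsep (19.6.0) 8D7A1C2E-0000-0000-0000-000000000002 <>
  142    0 0xffffff7f83200000 0x1d000    0x1d000    com.examplevendor.driver (1.2.3) 8D7A1C2E-0000-0000-0000-000000000003 <7 5 4 3 1>
  143    0 0xffffff7f83300000 0x5000     0x5000     com.examplevendor.filter (4.0.1) 8D7A1C2E-0000-0000-0000-000000000004 <7 5 4 3 1>'

# third_party_kexts: read kextstat output on stdin and print "bundle-id version"
# for every loaded kext that is not an Apple-shipped one. The header row (NR == 1)
# is skipped; field 6 is the bundle id, field 7 the parenthesised version.
third_party_kexts() {
    awk 'NR > 1 && $6 !~ /^com\.apple\./ { gsub(/[()]/, "", $7); print $6, $7 }'
}

# count_third_party: number of non-Apple kexts in the input (0 on a clean system).
count_third_party() {
    third_party_kexts | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample. On a real Mac replace the printf
# with:  kextstat | third_party_kexts   (or: kmutil showloaded | third_party_kexts)
printf '%s\n' "$SAMPLE_KEXTSTAT" | third_party_kexts
```

Anything this prints is code executing with the kernel's privileges outside every macOS security policy, so each entry should map to software the machine's owner deliberately installed; an unexpected bundle id is worth investigating.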
Catalina Gives Birth to System Extensions
System Extensions, introduced in macOS 10.15 Catalina, let developers create apps that extend the functionality of macOS without requiring kernel-level access.
Userspace vs Kernel
As we have discussed, developing apps in the kernel is very restrictive and demands precision. That is what led Apple to implement a less restrictive environment for developing extensions: in userspace, minor bugs no longer lead to panics and unpredictability.
Framework Compatibility
With KEXTs, developers are strapped to one framework and two languages: C and C++. This isn't so with System Extensions. Now developers can use any macOS SDK framework, and they can write code in any programming language.
System Extensions and Security Policies
Again, since System Extensions run in userspace, there is no kernel-level control issue. In the worst case, a bug affects only the software the system extension is part of.
Even more important, security policies are now in place that system extensions must follow, eliminating the KEXT security exposure described above and increasing system stability.