Hello, welcome to the Monday, June 29th, 2020 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

One of the big events last week, of course, was Apple's developer conference and the reveal of the next versions of Mac OS and iOS.

Now, these developer conference, keynotes and such always highlight the features.

I want to focus a little bit on some of the security features,

and I'm leaning heavily here on a blog post published by Sentinel 1.

So I recommend if you're interested in some of these details, take a look at their blog post.

First of all, one thing that sort of caught my attention was kernel extensions.

Kernel extensions have always been sort of on the way out in

Mac OS. Now, you may have seen, for example, pop-ups that tell you, hey, that kernel extension

may no longer be support in a future. And then, of course, you had to approve individual kernel

extensions. Well, the good news here is that

in macOS 11, Big Sur kernel extensions will remain to exist. So they appear to continue to be

working the way they work now, where you have to approve them as you install them. Now, in the last

major update to macOS, Apple made this change to

how data is saved in the disk by splitting it into a system volume and a data volume where it

wasn't possible to change a system volume. It was a read-only volume. In order to make changes, you had to reboot and

turn it into a live file system, then make your changes. This is actually going to get more

difficult in macOS 11. The change here is that the system volume will not just not be writable, it will also be

cryptographically signed. So even if you manage to make a change to the system volume, well, it

won't work because the digital signature will not work out. However, you can disable the

...