SecureMac, Inc.

macOS Big Sur security and privacy guide

September 21, 2020

Apple will soon release macOS Big Sur to the public — and it looks like it will bring a number of important security and privacy enhancements. In this guide, we’ll tell you everything you need to know about the Mac’s new and improved OS!

About the name and number

Ever since 2013, Apple has used California landmarks to name each new version of their flagship OS, and macOS “Big Sur” is no exception. However, there is one major change this time around: the version numbering system has been updated. Instead of following the old 10.x convention, Big Sur will be the first version of macOS 11 (not to be confused with macOS 10.11 El Capitan). The reason is that Apple sees Big Sur as a major milestone in the evolution of macOS, and wanted the OS number to reflect that.

Signed System Volume

In macOS 10.15 Catalina, Apple introduced the read-only system volume, which stored system content in its own separate area in order to prevent tampering with core OS files. In Big Sur, this protection is taken one step further with the Signed System Volume (SSV). 

SSV uses cryptographic hashing to verify the integrity of all system data when installing, updating, or even booting macOS Big Sur. In cryptographic hashing, an input value is run through a special mathematical algorithm in order to produce an output value (this output value is referred to as the “hash value”). Any change to the input value, no matter how small, will result in a completely different hash value — which is what makes cryptographic hashing such a useful tool for verifying the integrity of files. 

SSV runs every file in the system volume through the SHA-256 hashing algorithm and then stores the resulting hash values in the filesystem metadata. During updates and boots, these stored hash values are compared to hash values computed from the data in the current system volume. The values should be the same, so if a mismatch is found, the system knows that there has been some change to the data on the system (indicating possible tampering) and will prompt the user to reinstall macOS. 
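The store-then-compare check described above can be sketched in a few lines of Python. This is an added illustration, not Apple's implementation and not code from the original article: the in-memory `VOLUME`, its paths, and the function names are constructed for the example. The single `seal` hash over the stored hashes is an assumption of this simplified model, included so that edits to the stored hashes themselves are also detected.

```python
import hashlib

# Constructed sample "system volume": path -> file contents (not real macOS files).
VOLUME = {
    "/System/example.plist": b"ProductVersion=11.0\n",
    "/usr/bin/example-tool": b"original program bytes",
}

def file_hash(data: bytes) -> str:
    """SHA-256 of one file's contents, as a hex string."""
    return hashlib.sha256(data).hexdigest()

def build_manifest(volume: dict) -> dict:
    """Hash every file; the manifest stands in for the stored metadata hashes."""
    return {path: file_hash(data) for path, data in volume.items()}

def seal(manifest: dict) -> str:
    """One hash over all (path, hash) records, so edits to the manifest show up too."""
    h = hashlib.sha256()
    for path in sorted(manifest):
        h.update(path.encode() + b"\0" + bytes.fromhex(manifest[path]))
    return h.hexdigest()

def verify(volume: dict, manifest: dict, trusted_seal: str) -> list:
    """Return (path, problem) pairs; an empty list means the volume is intact."""
    if seal(manifest) != trusted_seal:
        return [("<manifest>", "seal mismatch")]  # stored hashes can't be trusted
    problems = []
    for path in sorted(set(volume) | set(manifest)):
        if path not in manifest:
            problems.append((path, "unexpected file"))
        elif path not in volume:
            problems.append((path, "missing file"))
        elif file_hash(volume[path]) != manifest[path]:
            problems.append((path, "hash mismatch"))
    return problems

if __name__ == "__main__":
    manifest = build_manifest(VOLUME)      # computed at "install" time
    trusted = seal(manifest)               # kept separately from the volume
    print(verify(VOLUME, manifest, trusted))             # intact volume
    changed = dict(VOLUME)
    changed["/usr/bin/example-tool"] += b"!"             # one-byte modification
    print(verify(changed, manifest, trusted))            # caught by the stored hash
    print(verify(changed, build_manifest(changed), trusted))  # caught by the seal
```
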

For most users, this will not impact the way they use macOS on a day-to-day level at all, whether they’re updating or just booting up their Mac. But it’s good to know that Apple has made it a little harder for bad actors to mess with your OS!

Faster updates

In macOS Big Sur, routine software updates will begin in the background, allowing you to continue working on your Mac for part of the update process. In addition, Apple says that the update process will be faster than before. 

Because timely updates are essential to good personal security, we’d definitely count this as a security upgrade: Faster, easier updates should encourage a greater percentage of users to enable automatic updates for macOS (and for all apps).

To make sure you have automatic updates enabled in macOS Big Sur, go to the Apple menu > System Preferences > Software Update and check the box that says Automatically keep my Mac up to date. Click on the Advanced… button to see the option to automatically Install app updates from the App Store.

The great kext phase-out continues…

When macOS Catalina came out last year, one of the big announcements was that kernel extensions, or “kexts”, would soon be deprecated. A kernel extension is special code that allows third-party developers to extend the functionality of the macOS kernel (the core code of the operating system) in order to run their apps. Kexts are frequently used to build device drivers, in endpoint security products, and in networking. 

Apple has always seen kexts as risky, because they allow third parties to access the most sensitive part of macOS, which opens the door to potential stability and security issues. For this reason, Apple decided to replace kexts with System Extensions (for networking and endpoint security functionality) and DriverKit (for the creation of device drivers). Because these tools don’t require kernel-level access — they run in user space instead — developers now have a safer way to get the extended kernel functionality that they need.

In recent versions of macOS Catalina, an alert is displayed when a kext (referred to as a “legacy system extension”) first loads. The user is warned that future versions of macOS won’t support the extension, and is advised to contact the developer for more information.

It doesn’t look like Apple is going to completely kill kexts when macOS Big Sur rolls out, but they’re definitely continuing to move in that direction. Apple is expanding the list of deprecated kernel extensions that have System Extension and DriverKit alternatives — alternatives that developers will be required to use in Big Sur. Apple’s official developer documentation underscores the point with this rather unambiguous notice: “In macOS 11 and later, the kernel doesn’t load a kext if an equivalent System Extension [or DriverKit] solution exists”. 

In short, kexts are still hanging on in macOS Big Sur, but they’re well and truly on the way out.

Privacy Report in Safari

macOS Big Sur will ship with Safari 14, which contains a number of significant privacy upgrades. 

The Privacy Report feature will allow you to see which websites are attempting to track you around the web (this feature will show you trackers that Safari has already blocked, so you don’t need to take any additional steps to prevent tracking). 

To use Privacy Report, just go to Safari in the menu bar and click on Privacy Report. There is a tab for Websites that lets you see which sites have attempted to track you in the past 30 days, and tells how many trackers they used. There is also a tab for Trackers, which lets you know which trackers were seen most frequently across all websites.

If you just want to see the Privacy Report data for a single site, click on the Privacy Report icon in the Safari toolbar. You’ll be able to see whether or not a website is using trackers, and will be able to click on > Trackers on This Webpage for more detailed information.

Password monitoring in Safari

If you’ve saved passwords in Safari, your browser will now let you know if there’s a problem with any of them. To look for any potential issues, go to Safari in the menu bar, and then Preferences > Passwords (you’ll need to enter your user password in order to access this feature). 

From here, if you’re using a weak password, or a password that has appeared in a known data breach, you’ll see a warning icon next to the problem account. Click on this icon for more information — and then follow the security recommendations that Safari gives you in order to make sure you’re using a safe password.

If you want some help with better passwords, Safari can be used to create secure passwords whenever you set up new accounts. Just click on the small key icon in the form field when you’re prompted to enter your new password and you will see an option labeled Suggest New Password. If you click on this, Safari will automatically generate a strong password for you. Click Use Strong Password in order to confirm and save the password in Safari for future use.

Website access control for Safari extensions 

If you’ve customized Safari with browser extensions, you’ll now be able to control how much access those extensions have to the web pages that you visit. When you land on a web page that you haven’t visited before, you’ll be prompted to grant an extension access to the page for a single use, for one day, or all the time. This is useful if there are certain extensions that you only use on a handful of sites, or only use once in a while, but that don’t really need full access to your entire web history!

To see a list of Safari extensions and a summary of their permissions, go to Safari in the menu bar, then go to Preferences > Extensions for a list of all installed Safari extensions. 

Mac App Store privacy information

Lastly, an interesting change is coming to the Mac App Store. Starting later this year, all apps in the Mac App Store will need to provide information about their privacy practices, including their data collection and data sharing activities. This information will be displayed in a special section of the app’s page in the App Store, so you can learn how an app handles user privacy before you decide to download it. The feature is still under development, so it won’t be immediately available when Big Sur goes live this fall, but it is expected in a future OS update before the end of the year.

Looking ahead

After macOS Big Sur is released to the public, we’ll be sure to keep you up to speed on any issues or bugs that come to light, and will let you know as and when new updates become available.
