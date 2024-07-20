

Yesterday, we saw one of the largest IT outages in history, and it looked a lot like what many people had predicted would happen when the year 2000 hit and the Y2K bug struck. People around the world began seeing the “blue screen of death” as they started their work day. The error caused delays for banks, airlines, railways, cellular providers, TV and radio broadcasters, and grocery stores. It only affected Windows; Macs were unaffected. A faulty security update from CrowdStrike caused the error. You can read their blog for more information. CrowdStrike is a fantastic company, and they make incredible products. Their products are simply some of the best security tools in the industry, but unfortunately, accidents can happen.

Apple’s Endpoint Security framework

The root of the problem is that CrowdStrike’s tools run at very deep levels on Windows. On the Mac, they can’t run at those levels anymore. Apple’s Endpoint Security framework is a modern API toolkit designed to help security vendors build security solutions for the Mac. It was introduced in macOS 10.15 Catalina and provides a comprehensive set of tools and services to monitor and secure endpoints.

The framework allows developers to monitor various security-related events, such as file system access, process creation, and network connections. This enables real-time monitoring of activity on a Mac, but it does so in a way that protects user privacy and also limits how deep in the system the security tool can run. Apple designed the framework to respect user privacy and provide transparency. Applications using the Endpoint Security framework must obtain explicit user consent to monitor and block activities, ensuring users know what security measures are applied to their devices.

Apple’s Endpoint Security framework replaced the Kernel Extension (kext)-based security mechanisms. Those kernel extensions had deep access to the system because they ran in kernel space. That level of access posed significant security risks and potential stability issues: a malfunctioning kext could crash the entire system.

Do you understand it now? Apple’s Endpoint Security framework was developed to modernize how companies interact with macOS from a security point of view. Apple recognized that as the Mac became one of the most used endpoints in the enterprise, it needed a modern way to handle endpoint monitoring for enterprise IT and security teams. When Apple made this change, it was a major transition for security vendors. They had to change how their tools worked to stay compatible with future macOS versions.
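To make the difference concrete, here is a minimal Endpoint Security client in Swift. This is an added example written for this article, not code from Apple, CrowdStrike or any vendor; the deny rule in it is a hypothetical illustration of a policy, not a recommendation. It assumes the binary carries the com.apple.developer.endpoint-security.client entitlement and that the user has approved it (Full Disk Access) in System Settings, which is exactly the consent step described above.

```swift
import EndpointSecurity
import Foundation

// Decode an es_string_token_t (pointer + length) into a Swift String.
func esString(_ token: es_string_token_t) -> String {
    String(decoding: UnsafeRawBufferPointer(start: token.data, count: token.length), as: UTF8.self)
}

// The client is an ordinary user-space process. The kernel hands it copies of
// events (plus a deadline for AUTH events); it never runs the vendor's code itself.
var client: OpaquePointer?
let created = es_new_client(&client) { esClient, message in
    let msg = message.pointee
    switch msg.event_type {
    case ES_EVENT_TYPE_NOTIFY_EXEC:
        // NOTIFY events are informational: log and return, nothing to respond to.
        let target = msg.event.exec.target.pointee
        let path = esString(target.executable.pointee.path)
        print("exec \(path) signing_id=\(esString(target.signing_id)) platform=\(target.is_platform_binary)")
    case ES_EVENT_TYPE_AUTH_EXEC:
        // AUTH events hold the calling process until we answer, but only until
        // msg.deadline. A client that misses the deadline is killed by the
        // system, so a hung or buggy agent takes itself down, not the machine.
        let target = msg.event.exec.target.pointee
        // Hypothetical policy for illustration: block unsigned, non-platform binaries.
        let unsigned = !target.is_platform_binary && target.signing_id.length == 0
        es_respond_auth_result(esClient, message, unsigned ? ES_AUTH_RESULT_DENY : ES_AUTH_RESULT_ALLOW, false)
    default:
        break
    }
}

guard created == ES_NEW_CLIENT_RESULT_SUCCESS, let client = client else {
    // Every failure mode here is policy, not a crash: missing entitlement
    // (ERR_NOT_ENTITLED), user has not granted consent (ERR_NOT_PERMITTED),
    // not running as root (ERR_NOT_PRIVILEGED), and so on.
    print("es_new_client failed with result \(created.rawValue)")
    exit(1)
}

let events = [ES_EVENT_TYPE_NOTIFY_EXEC, ES_EVENT_TYPE_AUTH_EXEC]
guard es_subscribe(client, events, UInt32(events.count)) == ES_RETURN_SUCCESS else {
    print("es_subscribe failed")
    exit(1)
}
dispatchMain()  // keep the process alive; the handler runs on framework-managed threads
```

If this process crashes, the kernel simply stops delivering events to it; compare that with a kext, where the same bug would bring down the whole system.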

9to5Mac’s take

Apple was right. Building a modern enterprise API for endpoint detection was not easy, and the entire industry had to transition with them. Apple’s framework is how it should be done. An endpoint security tool should not be able to crash a system to the point where it’s unusable.

