In part 2 of my macOS security internals series, I demystify System Integrity Protection (SIP), breaking down how the kernel enforces Apple-signed entitlements over POSIX root privileges, the mechanics of rootless.conf, and why the hardware always has the final veto.

Includes a small C program to audit your own CSR bitfield configuration.

Read the full deep dive here:
https://bytearchitect.io/macos-security/Apple-defences-SIP-and-APFS-(cont'd)/

#macOS #infosec #cybersecurity #ReverseEngineering #XNU #AppleSecurity #Kernel #OSInternals #Rootless

Here are some things that one can add to the analysis of the MacOS TCP timeout clock freeze bug.

The code for calculate_tcp_clock() in XNU was changed in May 2025. Older versions of this function (e.g. in xnu-11417) worked quite differently and wouldn't have stopped ticking the clock at 32-bit unsigned integer wraparound.

None of #NetBSD, #FreeBSD, nor #OpenBSD share this exact way of doing TCP timeout processing with #XNU.

FreeBSD does not have a tcp_now and works off the global 32-bit ticks variable. OpenBSD effectively works off the kernel's system clock, too, but with a randomized offset, and does 64-bit unsigned modular arithmetic. NetBSD uses a distinct 32-bit unsigned tcp_now counter that it simply increments by 1 at regular intervals, and does modular arithmetic subtraction.

https://photon.codes/blog/we-found-a-ticking-time-bomb-in-macos-tcp-networking

#TCP #MacOS

This neighborhood belongs to us!! (the macos kernel)

#xnu #macos #osdev

Finally got x86_64 #XNU for #macOS 15.6 built into some kind of a binary on my M4 MBA.

Now I’m not quite sure how to boot the kernel in a VM… any ideas?

#Apple #Tech #Technology