Little Snitch and the Deprecation of Kernel Extensions Norbert on Little Snitch — March 24, 2020 You probably came here because your Mac showed a message telling you that software from “Objective Development Software GmbH” (Little Snitch) loaded a system extension that will no longer be compatible with a future version of macOS and that you should contact us, the developer, to get more information. Well, here you are. In order to be able to perform filtering of network traffic, Little Snitch 4 installs a kernel extension (the above mentioned “System Extension”) which is based on Apple’s “Network Kernel Extension” API (NKE). This API will be deprecated in a future version of macOS and replaced with a new “NetworkExtension” API (NE). Despite their similarity in name, these two APIs work very differently, so the underpinnings of Little Snitch do require a substantial rework. Will there be an updated version of Little Snitch that is compatible? Yes. We are going to release an update of Little Snitch that will utilize the compatible replacement APIs. When will Little Snitch 4 become incompatible? We expect the deprecation to become effective with the next major release of macOS. There’s no official release date from Apple, but based on the release schedule of recent years it will not be before this fall. Little Snitch 4 will then not be loaded by the operating system, but there will still be an option to allow the loading. [1] What happens in the unlikely case that no updated version of Little Snitch is available at that time? We do our best to have an updated version available right in time. But if you’re still concerned – keep in mind that there will be an option in macOS to allow running Little Snitch 4. If I buy Little Snitch 4 now, will I get the update for free? Yes. All licenses sold now include a free upgrade to Little Snitch 5. In addition, customers who purchased Little Snitch 4 within a one-year period prior to the final release of Little Snitch 5 (about this fall) will also get a free upgrade. And if you purchased Little Snitch 4 before that period, we will offer you an upgrade at a reduced price. When will Little Snitch be updated to the new APIs? The replacement APIs that are currently available (NetworkExtension framework on macOS 10.15.4) are not yet completely sufficient to implement the full functionality of Little Snitch. But we are working closely with Apple to fill the remaining gaps and we expect that a beta of the next major macOS version (most likely available at the next WWDC) or even an upcoming version of 10.15 will provide what is missing. As soon as the APIs allow us, we will complete the transition of Little Snitch to the new NetworkExtension API. It’s our goal to provide a public beta in June 2020 and a stable version in October. The relevant sentence in Apple’s statement to developers is: “Future OS releases will no longer load kernel extensions that use deprecated KPIs by default.” ↩︎
macOS 10.15.1 Update Fixes Kernel Prelinking Marco on Mac, Little Snitch — October 30, 2019 The initial release of macOS Catalina caused trouble for a lot of Little Snitch users. Updating an existing version of Little Sntich would almost always lead to a dreaded “Version Mismatch” error being shown after restarting your Mac. We documented »
How Kernel Prelinking Works on macOS Catalina (or not) Christian on Mac, Little Snitch — October 11, 2019 Update on October 30, 2019: This issue is fixed in macOS 10.15.1.In this article we’d like to outline some technical details about how the installation of a kernel extension works on macOS Catalina, about potential pitfalls »
The Story Behind CVE-2019-13013 Christian on Mac, Security, Development, Little Snitch — August 26, 2019 This blog post targets fellow software developers. It’s a story of how it could happen that we shipped a version of Little Snitch with a serious vulnerability and, more importantly, what we can learn from it. It all began »
All That Glitters is not Gold Norbert on Little Snitch — April 29, 2019 In February 2019, security experts from Trend Micro published an article about a new variety of malware. This particular attempt gained additional attention because it was the first time that cybercriminals tried to run an .exe file (Windows executable) on »