|
|
|
|
|
|
by umanghere
1523 days ago
|
|
|
Just allowing kexts to be loaded should not increase the attack surface or expose the author to any currently known exploits. The reason that people avoid doing it anyways is because third party kexts have a history of obvious vulnerabilities and don't receive the same amount of eyeballs that first party kernel extensions do. As you put it, it really is a desire for maximum security at play here. |
|
|
"Just allowing kexts to be loaded" sure, it wont. But "just allowing kexts to be loaded" makes no sense as an action, unless you also actually intend to and do load at least one kext.
In which case, it absolutely increases the attack surface.