by transpute 229 days ago
Trusted high-privilege components, whether first or third party, are targeted for exploitation.

Do you know of any reports where macOS system extensions are being abused this way? I've heard about Windows drivers, but my impression was Apple is doing this well enough to be a non-issue mostly?
e.g. zero day CVE-2024-44243, patched last year, https://www.microsoft.com/en-us/security/blog/2025/01/13/ana...
That's a good one. To be clear, I'm not saying vulnerabilities don't or can't exist in system extensions. I'm just saying that Apple can publish and/or sign iPhone extensions for a very limited use case like this, or publish an API/system service to do the same thing, if the concern is 3rd parties. The use case here is reading some memory and exposing that to authorized applications. I concede on the system extension part, but Apple can still expose the capability without one.