Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a command-line utility for managing the system and synchronizing the database with a server. It is named Santa because it keeps track of binaries that are naughty or nice.
This release contains some important security fixes to Santa's kernel extension component. The bugs that were fixed could allow an attacker with local code execution as root to gain kernel access. Machines using the system extension on 10.15 are not affected
The v1.x versions of Santa include many architectural changes. Including the usage of EndpointSecurity and SystemExtensions for systems running macOS 10.15+
Once Santa's SystemExtension is installed, it cannot be removed without prompting the user
See the notes for the v1.0.3 release regarding SystemExtension and TCC permissions required to run this release on 10.15
Subscribe for our newsletter with best Mac offers from MacUpdate.
Downloaded & Installed 1,727 times