Hi all (and hopefully Quinn) I found this WWDC session today (https://developer.apple.com/videos/play/wwdc2021/10130/) dealing with MDM updates for Monterey. The part that caught my eye was the new RemovableSystemExtensions feature. From the video: In macOS Monterey, there is a new feature called RemovableSystemExtension. This will allow an app to deactivate its own system extension, for example, when the app uninstalls itself. With this feature, there will be no admin password required to remove the system extension. This may be useful in deployments where the Mac has no admin user. My question is, do I (we) have to do anything special in our system extension to take advantage of this or is it a free pass from MDM? I already do a call to deactivationRequestForExtension when we uninstall. And that works fine on Big Sur, but doesn't any more on Monterey. That's what led me down the path that found this session and other links. I know I'm not the only one suffering through the uninstall aspect of system extensions and really hope that this is the holy grail. Thanks

We have some code that was built with the 10.10 SDKs (don't ask, it just is). When it runs on Monterey and gets the version number, it gets 10.16.0, just like Big Sur. I was expecting 10.17.0 for a new version. Will Monterey get the minor version number bumped to not look like Big Sur? Thanks

Quinn, you've often suggested that to validate the other side of an XPC connection, we should use the audit token. But that's not available from the XPC object, whereas the PID is. So everyone uses the PID. While looking for something completely unrelated, I found this in the SecCode.h file OSStatus SecCodeCreateWithXPCMessage(xpc_object_t message, SecCSFlags flags, SecCodeRef * __nonnull CF_RETURNS_RETAINED target); Would this be the preferred way to do this now? At least from 11.0 and up. Like I said, I was looking for something completely unrelated and found this and don't have the cycles right now to try it. But it looks promising from the description and I wanted to check in with you about it in case you can say yes or no before I get a chance to test it. Thanks

Just got a crash log from our QA testing on Monterey. The basic crash info is here, but I don't know what the termination reason means or how to look it up. Exception Type: EXC_CRASH (SIGKILL) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: Namespace ENDPOINTSECURITY, Code 2 The backtrace showed the crashing thread in a _pthread_cond_wait waiting for a signal that there is data to process. (This is for notify events, we queue them up for processing). We do retain the message, so I'm wondering if the queue is backing up (shouldn't be since the pthread_cond_wait only happens on an empty queue) and not releasing the messages quickly enough. But I don't know what Code 2 means to see if this idea is valid. Can someone point me to where I can look that up? Thanks