How are System Extensions different from Kernel?

Kernel and system extensions are pieces of software that work in the background to help extend the functionalities of your native Mac operating system. It gives the apps freedom to run powerful and complex functions on the devices. For example, the antivirus apps, USB drivers, DNS proxies etc., makes use of such extensions to enable the support for these features on the Mac.

The system extension is the modern alternative to kernel extensions. Kernel extensions or KEXTs have the ability to dynamically load the code into the macOS kernel, thereby allowing complex apps to function properly on the device. The features coded in the kernel can access specific parts of the OS that regular programs are incapable of accessing. Therefore, an error or a bug in the code can cause severe damages such as kernel panics leading to OS crashes. The system extensions are installed and managed in a tightly controlled user space rather than the kernel; this ensures increased stability and security. Any instability or bugs in the system extension will only affect that part of the software encompassing the system extension. It also provides more end-user control and enables to limit kernel-level attacks.

Another difference between system and kernel extension is that the developers were only allowed to code using C or C++ and use a single framework while creating an app in the kernel. However, if the app uses system extension, the developer can use any macOS SDK framework and any programming language to develop the app. Note that driver extensions require C or C++ and DriverKit frameworks (Driver extensions are a system extension).