We have developed a system extension based on the Endpoint Security framework, but after upgrading to macOS 15 beta, the system extension fails to enable in Login Items & Extensions. The specific prompt is shown in the image , and the system log indicates an XPC connection failure. When we use the command to check the extension status, it is [activated waiting for user]. We have tried some other products that use system extensions, and they are also unable to load the system extension.

We have developed a network filter based on the Network extension framework in macOS. However, we have found that after blocking a network, the poll socket value still returns as 1, which causes some applications to run abnormally. We return dropVerdict in the callback handleNewFlow We simulated the process of an application initiating a network request. Create an asynchronous socket. sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd < 0) { perror("socket"); exit(EXIT_FAILURE); } int flags = fcntl(sockfd, F_GETFL, 0); fcntl(sockfd, F_SETFL, flags | O_NONBLOCK); connect server // Connect to the server ret = connect(sockfd, (struct sockaddr *)&server_addr, sizeof(server_addr)); if (ret < 0) { NSLog(@"connect, errno:%d, err str:%s.", errno, strerror(errno)); } we found the connect return -1, errno return EINPROGRESS, means operation now in progress. poll socket int timeout = 5000; // 5 seconds struct pollfd fds[MAX_EVENTS]; fds[0].fd = sockfd; fds[0].events = POLLIN; ret = poll(fds, 1, timeout) return 1, means the number of descriptors that are ready for I/O. We believe it is unreasonable for poll to return 1 after network disruption, which leads to abnormal application processing.