kextutil

executablemacOS262.3 KBx86_64, arm64

Security certificate validator — verifies code signatures and keychain credentials

Validates code signatures, certificates, and keychain items for macOS security enforcement. Communicates with hardware and driver systems to perform cryptographic operations and access stored credentials. Exposes three XPC services for other system components to request verification of code signatures and certificate chains. Collects telemetry about validation operations and connects to multiple network endpoints, likely for certificate revocation checking and trust anchor updates.AI

Fingerprint

Platform: macOS
Type: executable
Arch: x86_64, arm64
Min OS: 26.1.0
SDK: 26.1.0
File Size: 262.3 KB
UUID: 0054D7F5-AEAF-3E90-9EB6-FB880CAD7150
Analyzed: 2026-04-07T05:21:16Z
CDHash: c504dc0e21297f4a3c2bc0f298a8414d1af1ad7850f26b7951e15d85408f1e25

Capabilities

HardwareDirect hardware/driver communication

/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit

SecurityKeychain, certificates, code signing

/System/Library/Frameworks/Security.framework/Versions/A/Security

Frameworks9

libc++.1.dylib CoreFoundation IOKit KernelManagement(weak)Security SystemPolicy(weak)Foundation libobjc.A.dylib libSystem.B.dylib

Entitlements1

com.apple.private.kernel.get-kext-infotrue

Interesting Strings

Bundle IDs(24)

&com.apple.private.kernel.get-kext-info <key>com.apple.private.kernel.get-kext-info</key>com.apple.KernelExtensionServer com.apple.driver.KextExcludeList com.apple.kextutil

File Paths(12)

link against <kernelFile> (default is /System/Library/Kernels/kernel)/Library/StagedExtensions /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit

telemetry(4)

Diagnostics for %s:_OSKextLogDiagnostics _OSKextSetRecordsDiagnostics print-diagnostics

URLs & Endpoints(4)

$http://crl.apple.com/codesigning.crl0 %http://www.apple.com/appleca/root.crl0 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">https://www.apple.com/appleca/0

Network Surface

Networking Frameworks

CoreFoundation Foundation

Endpoints(20)

Hostnamefield.1.2.840.113635.100.6.2.6

Hostnamefield.1.2.840.113635.100.6.1.13

Hostnamefield.1.2.840.113635.100.6.1.18

Hostnamefield.1.2.840.113635.100.6.1.9

Hostnamefield.1.2.840.113635.100.6.1.9.1

Hostnamefield.1.2.840.113635.100.6.1.12

Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">

Hostnamewww.apple.com

Urlhttp://www.apple.com/appleca/root.crl0

Urlhttp://crl.apple.com/codesigning.crl0

Hostnamecrl.apple.com

Urlhttps://www.apple.com/appleca/0

API Usage

DNA Capability Vector

Location

0

Keychain

0

Network

0

Storage

0

Hardware

1

IPC

0

Analytics

0

Security

1

System

0

Behavioral Profile

URL Endpoints

4

Telemetry Strings

4

File Paths

12

Bundle IDs

24

IOKit Constants

0

Library Functions

0

Structural HashesSHA-256

Codea991a0e414a2bde5ffba1a6f07d4b6f488ccbeeb6cf5b7faece613ece235d0cf

Imports2e0700dc9086724e03cf9cc56697a17237e68fdb56d7ae7437d8443e1b5d817c

Frameworksc2590e0b104a9a6e554ca5b1ba5c0c6dbc21608e25ba9284c1b15270eda22753

Classese3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Entitlements8f85fe0e9f1bb519fab90b60343b5c455e0ab925cd02b49d604078fd15399851

Symbols2e0700dc9086724e03cf9cc56697a17237e68fdb56d7ae7437d8443e1b5d817c

Static Libraries0 / 88 functions identified

Functions(88)

0x100000c78sub_100000c78

0x100000ca0sub_100000ca0

0x100000ce0sub_100000ce0

0x100000f44sub_100000f44

0x1000017fcsub_1000017fc

0x1000018d8sub_1000018d8

0x100001ef8sub_100001ef8

0x1000022f8sub_1000022f8

0x100002454sub_100002454

0x100002550sub_100002550

0x100002988sub_100002988

0x1000029ccsub_1000029cc

0x100002a8csub_100002a8c

0x100002d74sub_100002d74

0x1000030e4sub_1000030e4

0x100003280sub_100003280

0x1000035c0sub_1000035c0

0x100003b5csub_100003b5c

0x100003cf8sub_100003cf8

0x100003e5csub_100003e5c

Imports263 symbols from 7 dylibs

libSystem.B.dylib78 CoreFoundation75 IOKit70 Security24 libobjc.A.dylib9

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

init_data_protection

xpcroleaccountd