Redazione RHC : 1 August 2025 14:36
With the growing integration of Linux tools into consumer systems, Apple has taken a major step toward cybersecurity professionals. With the release of macOS Sequoia, the company introduced its own container system, allowing Linux distributions to run in an isolated virtual environment on Apple Silicon devices. One of the first distributions compatible with was Kali Linux, a popular platform for penetration testing and security analysis.
At WWDC 2025, a new framework called Container was announced. This mechanism allows Linux to run within the virtualization built into macOS, without the need to install a third-party hypervisor. The technology is available exclusively on computers with Apple ARM processors, making it unavailable to owners of Intel-based Macs.
The container environment is installed via Homebrew with the brew install –cask container command, after which the system is activated with container system start . The user can then start Kali with the container run –rm -it kalilinux/kali-rolling command, which extracts the image from DockerHub and runs it within the macOS virtual machine. If necessary, you can mount a local directory within the container using –volume and –workdir , allowing Kali to access the host files directly.
However, Apple’s implementation has limitations. Kali Linux officially reports issues with network interfaces in Sequoia 15: containers may not have an IP address, or network access may be completely blocked. The team recommends relying on Apple’s documentation to resolve these issues. Furthermore, according to experts, any tasks that require direct access to physical hardware will not be possible in this configuration: containers are, by definition, isolated from the hardware.
Despite these nuances, the ability to run Kali on macOS without having to set up a full virtual machine or use dual boot significantly simplifies the daily work of Pentesters and analysts. This is especially important for those who prefer macOS as their primary operating system but regularly use Linux tools. The new framework’s features make running Kali almost as easy as working with Docker, while maintaining security and relatively high performance.
For Apple, this move marks a broader recognition of the importance of Linux in professional workflows. And for the cybersecurity community, it represents another bridge between two worlds long separated by architectural barriers.
Redazione