Article illustration 1

Cybersecurity professionals just gained a powerful new workflow option: Kali Linux now runs natively on macOS Sequoia through Apple's newly launched containerization framework. Announced at WWDC 2025, this technology—positioned as Apple's answer to Windows Subsystem for Linux (WSL2)—enables Apple Silicon devices to execute Linux distributions in lightweight virtualized environments without traditional VM overhead.

The macOS Security Toolkit Revolution

For years, Mac-based security researchers juggled dual-boot setups or resource-heavy virtual machines to access Kali's specialized penetration testing tools. Apple's containerization framework changes that paradigm. After installing the container CLI via Homebrew (brew install --cask container and container system start), security teams can launch a full Kali instance with a single terminal command:

container run --rm -it kalilinux/kali-rolling

Need to analyze local files? The framework supports directory mounting for seamless host-container interaction:

container run --remove --interactive --tty --volume $(pwd):/mnt --workdir /mnt docker.io/kalilinux/kali-rolling:latest

Limitations and Workarounds

The integration isn't without caveats. The Kali team notes persistent networking bugs in macOS Sequoia that may prevent containers from obtaining IP addresses. Apple provides documented workarounds, but enterprise users should test thoroughly before deployment. Crucially, the feature remains exclusive to Apple Silicon, leaving Intel Mac users without support.

As cybersecurity researcher Taha Ex highlights, hardware-dependent tasks requiring direct device access (like radio frequency analysis or GPU cracking) remain impractical due to the container's isolation from physical hardware. This confines the solution to software-based security assessments.

Why This Matters

By embracing containerized Linux distributions, Apple signals recognition of macOS's growing role in security workflows. The frictionless access to Kali tools—from nmap scans to Metasploit modules—eliminates significant setup barriers for Mac-based researchers. While networking quirks need resolution, this native integration foreshadows a future where macOS becomes a first-class platform for offensive security operations.

Source: BleepingComputer