Apple laid out its plans for the changes in macOS security coming in macOS 10.15 Catalina at WWDC in June. Since then, ten beta releases of Catalina have passed under the bridge, and quite a bit has changed.
The biggest single change coming in Catalina takes System Integrity Protection a step further by separating almost all of the system onto a new read-only volume. In place of a single boot volume such as Macintosh HD, Macs running Catalina have two linked volumes named Macintosh HD and Macintosh HD – Data, with the latter containing all the files and folders which are write enabled, including many from top-level hidden folders and /System itself.
This new separation isn’t optional, and Apple has gone to considerable lengths to make it as seamless as possible, including the addition of a new type of bi-directional link which it terms a firmlink.
MacDailyNews Take: There’s much more in the full article – recommended – in which Oakley also notes, “In early August, Apple announced an expanded Bug Bounty programme which includes macOS, but so far doesn’t appear to have started that. As a result, some macOS security researchers may be sitting on small collections of vulnerabilities which they have discovered in Catalina. Don’t be surprised if these lead to some turbulence in the first months of Catalina’s public release cycle.”