You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: carefulowner
carefulowner Author
User level: Level 1
92 points

A quick query about "mach_kernel"

My iMac at present uses Mavericks 10.9.5, Build 13F1066, and it was just the other day that I noticed that my main drive had 'acquired' a file called "mach_kernel", the icon of which is clearly displayed in Finder. I don't know quite when it first showed up on my system as that but a little bit of research showed that it must have been as a result of an OSX update that I performed at some time between Dec 2014 and now. Why on earth would Apple want to expose OSX's core code in this way?! And why hasn't Apple issued a fix for it in one of their many OSX updates in recent months, for goodness sake?!

I gather that I can hide the file using the Unix command

sudo chflags hidden /mach_kernel

Now, it's only rarely that I open Terminal and make any changes, but should this string be on a line of its own, or must it be typed directly after the first prompt sign (dollar-sign) that I see? If the latter, then I presume I'll need a one-character space between the prompt and that first 's', and that, in that string, all the spaces are one-character spaces? I'm being a bit pedantic only because I gather that Unix has an unforgiving reputation.

I presume that there's nothing special about Mavericks that actually requires the file to be visible. And surely this must be a bit of a security risk?

None of the updates (including those for utilities and apps) are automatic/background on my machine, as I opt to always do mine manually, allowing me sometimes to pick and choose when groups of updates become available at the Updates site. So perhaps a fix for this was missed at some stage because Apple bundled it with a whole bunch of updates?


iMac (27-inch, Late 2013), OS X Mavericks (10.9.2)

Posted on Mar 15, 2015 4:51 AM

Reply
8 replies
User profile for user: powerbook1701
powerbook1701
User level: Level 3
668 points

Mar 15, 2015 5:48 AM in response to carefulowner

I noticed a thread farther down yesterday when I had the same question. In that thread, there is an Apple kbase article I found that offers a fix.

mach_kernel appeared


OS X: mach_kernel visible in the Finder - Apple Support


I followed it's advice (the kbase) and it instantly fixed the issue. It seems the recent Security Update caused the issue. I read somewhere else that the updater didn't include something the previuos security update included to prevent that from happening. The file didn't appear for me until right after that updated 2015-002

Reply
User profile for user: carefulowner
carefulowner Author
User level: Level 1
92 points

Mar 15, 2015 5:47 AM in response to greg sahli

Not sure what you mean, in this context, by "But the root level of the drive is normally hidden".


Root level or not, it's easily seen on my Mac drive, it showing amongst the usual Applications, Library, System and Users folders, which are all accessed with a single mouseclick, once Finder is opened. To some, it could be a temptation to meddle. Even the most cautious of us could inadvertently click on the icon by mistake. Also, it'd be a gift to any successful hack of the machine from outside.


I suppose one could argue that, in other scenarios, operating systems have long been displayed in such open manners, eg. the Windows folder on Microsoft machines. But I thought Apple was a bit more 'canny' than that.

Reply
User profile for user: carefulowner
carefulowner Author
User level: Level 1
92 points

Mar 15, 2015 5:59 AM in response to powerbook1701

Powerbook1701,


So, Apple has in fact acknowledged it, then?! Thanks for the link to the official instructions about correcting the issue.


I'm presuming that, once I open Terminal, I start typing that command string after the first prompt sign I see? Correct? And with a null space between the prompt sign and the 's' in sudo? (I'm not a regular user of Terminal).

Reply
User profile for user: BobHarris
BobHarris
User level: Level 9
55,091 points

Mar 15, 2015 8:59 AM in response to carefulowner

Just copy and paste the command from the forum (or Apple's web page) into the Terminal

sudo chflags hidden /mach_kernel

then type <return>

You will get a Password prompt.

Type your password. You will NOT see any echoing of your password, nor any other indication what you are typing is being seen, but the Mac is really seeing it.

After typing your password, type <return>

If you made a mistake with your password, you will get an error message and a chance to try again.


NOTE: The hidden flag is mostly there to keep users from deciding they do not know what the file is, and delete it. The operating system (heck kernel_task "IS" the operating system), does not care if the file has the hidden flag or not.


Since you know it is essential, and will not delete it, as long as no one else uses your Mac and is able to delete it, then you can ignore it, as chances are you do not spend a lot of time looking at the file system root directory, and it will spend most of its time out-of-site out-of-mind.

Reply
User profile for user: baltwo
baltwo
User level: Level 9
62,374 points

Mar 16, 2015 3:35 PM in response to greg sahli

greg sahli wrote:

My Mach_kernel is not hidden.

Then, hide it as discussed below.

But the root level of the drive is normally hidden.

The root-level is not normally hidden, just specific parts, including the mach_kernel file. The normally visible parts are Applications, Library, System, and Users.


27" i7 iMac (Mid 2011) refurb, OS X Yo (10.10.2), Mavs, ML & SL, G4 450 MP w/10.5 & 9.2.2

Reply

A quick query about "mach_kernel"

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up