Apple just dropped a bombshell for developers and security researchers: Kali Linux now runs in native containers on Apple Silicon Macs, bypassing Docker altogether. This shift marks a seismic evolution in macOS’s support for Linux tools.
At WWDC 2025, Apple unveiled a containerization stack that runs each container inside its own mini virtual machine. That means better isolation, near-native I/O speeds, and sub-second cold starts, far superior to Docker’s shared-kernel model.
The system employs:
On macOS Sequoia (version 15.5 or later), Apple Silicon users can spin up Kali Linux with a few commands:
brew install --cask container
container system start
container run --rm -it kalilinux/kali-rolling
Within moments, you’re in a fully interactive Kali shell with an ARM64 kernel and host-mounted directory access for persistent work.
By running each container in its own micro virtual machine, Apple removes the shared kernel through which a compromised container could reach its neighbours under Docker. That’s a game-changer for red teams and penetration testers working with untrusted code.
Early adopters report better sandboxing, faster performance, and tighter integration with native macOS systems.
Some containers lack IPs or DNS support in Sequoia; full support is expected in macOS Tahoe 26.
Only Apple Silicon Macs are supported; Intel Macs are not.
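A preflight wrapper for the commands above, added here as an example and not taken from Apple's tooling or the original article: it enforces the stated requirements (Apple Silicon, macOS 15.5 or later) and flags the pre-Tahoe networking gap before starting Kali. The function names, exit codes and the "run" argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight for the Kali container steps (not Apple's code).
MIN_MACOS="15.5"      # minimum macOS version stated in the article
FULL_NET_MACOS="26"   # release where the article expects full IP/DNS support
IMAGE="kalilinux/kali-rolling"

# version_ge A B: succeed when dotted version A >= B (missing fields count as 0).
# Fields are compared numerically, so 15.10 is correctly newer than 15.5.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# preflight [ARCH] [OSVER]: returns 0 ok, 1 wrong CPU, 2 macOS too old.
# Arguments default to the live host, so constructed values can be passed in.
preflight() {
    arch=${1:-$(uname -m)}
    osver=${2:-$(sw_vers -productVersion 2>/dev/null || echo 0)}
    if [ "$arch" != "arm64" ]; then
        echo "unsupported: Apple Silicon (arm64) required, found $arch" >&2
        return 1
    fi
    if ! version_ge "$osver" "$MIN_MACOS"; then
        echo "unsupported: macOS $MIN_MACOS or later required, found $osver" >&2
        return 2
    fi
    if ! version_ge "$osver" "$FULL_NET_MACOS"; then
        echo "note: on macOS $osver some containers may lack IP/DNS support" >&2
    fi
    return 0
}

# kali_up: run the article's commands only after the checks pass.
kali_up() {
    preflight || return $?
    command -v container >/dev/null 2>&1 ||
        { echo "container CLI not found on PATH" >&2; return 3; }
    container system start && container run --rm -it "$IMAGE"
}

# Invoke as: sh kali-preflight.sh run
if [ "${1:-}" = "run" ]; then kali_up; fi
```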
Until now, running Kali on macOS meant slow virtual machines or resource-heavy Docker setups. Apple’s implementation delivers agility, efficiency, and security, all while preserving familiar Docker workflows using OCI-compliant images.