"A major gap in modern endpoint security models," said Hillel Pinto, the XM Cyber researcher who disclosed a macOS privilege-escalation technique that can let a non-root user silently disable enterprise security tools.
XM Cyber's finding and the underlying mechanism
XM Cyber reported that a flaw in macOS's interprocess communication, XPC, allows a standard local account to call privileged functions without authentication by abusing the operating system's trusted software verification. Many macOS applications run a privileged helper process as root and permit signed components of the same application to communicate with that helper via XPC. The helper traditionally trusts callers based on their code signature, a CDHash, and XM Cyber found that macOS keeps that trust cached after a signed app first runs.
How attackers can turn trusted apps into attack vectors
According to XM Cyber, the technique requires an attacker to launch a legitimate app, tamper with it to load a malicious interface file, and thereby inherit the app's cached trusted status. From that trusted context the code can invoke the helper's most sensitive functions without any further authentication. XM Cyber said the abused helper methods can run arbitrary commands or shut down applications and system extensions — actions that can be used to make a security product disable or remove itself and bypass its own tamper protection.
Real-world validation: CrowdStrike Falcon and Kandji's MDM
XM Cyber validated the technique against well-known endpoint and management tools. On CrowdStrike's Falcon sensor, the researchers said they were able to fully unload the agent from a standard user account, killing detection, process monitoring and network visibility. The disclosure also noted that XM Cyber deactivated Kandji's MDM agent; Kandji has since fixed the issue and that fix was assigned CVE-2026-39118. CrowdStrike has added detection and prevention across supported macOS sensor versions in response to the findings.
XPC Hunter, disclosure plans, and forensic implications
Pinto built and published an open-source scanner, XPC Hunter, which inspects installed macOS apps for the same weakness and is slated for a Black Hat US presentation in August. XM Cyber emphasized that because the method abuses normal macOS behavior, it leaves almost no forensic trace — a characteristic that complicates post-incident analysis when the technique is used. The researchers framed the attack primarily as an insider or post-compromise threat because it needs an existing foothold and a standard local account to succeed.
What this means for developers, enterprises, and security teams
- Developers and product teams: XM Cyber recommended a straightforward fix — validate the caller's identity during the XPC handshake rather than trusting the cached signature, using checks Apple has provided since macOS 13.
- Enterprise security and operations teams: Organizations running macOS endpoint detection and response (EDR) or mobile device management (MDM) agents should verify that vendors have applied the added detection and prevention measures or the Kandji fix (CVE-2026-39118), and should consider scanning installed applications with tools like XPC Hunter to find unpatched exposures.
- Risk and incident responders: Because the technique can leave minimal forensic traces and can disable protection from a standard account, responders should treat incidents involving suspicious local changes and sudden loss of agent telemetry as potentially linked to this XPC-based vector.
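The mechanism described under "XM Cyber's finding" (a root helper that accepts XPC callers on the strength of the launching app's signature) and the developer fix recommended above (validate the caller during the XPC handshake with the check Apple added in macOS 13) can be shown side by side in a helper's listener delegate. The following Swift sketch is an added example written for this article; it is not XM Cyber's code, XPC Hunter, or any vendor's helper. The protocol, service, bundle identifier, team ID and Mach service name are placeholders, and the hardened variant relies on NSXPCConnection's setCodeSigningRequirement(_:), which exists from macOS 13.0.

```swift
import Foundation

// Hypothetical protocol exposed by a root helper (constructed for this example).
@objc protocol PrivilegedHelperProtocol {
    func runMaintenanceTask(named name: String, reply: @escaping (Bool) -> Void)
}

final class HelperService: NSObject, PrivilegedHelperProtocol {
    func runMaintenanceTask(named name: String, reply: @escaping (Bool) -> Void) {
        // Privileged work would go here; it is reachable only once a connection is accepted.
        reply(true)
    }
}

// Placeholder values: a real helper substitutes its own client bundle identifier and team ID.
let clientBundleID = "com.example.app"
let teamID = "TEAMID0000"

// Requirement in Apple's code-signing requirement language: the peer must be signed with an
// Apple-issued certificate chain, carry the expected bundle identifier, and belong to the
// expected team. This is evaluated against the connecting process itself, not a cached hash.
let clientRequirement =
    "anchor apple generic and identifier \"\(clientBundleID)\" " +
    "and certificate leaf[subject.OU] = \"\(teamID)\""

// Weak pattern: every connection is accepted. The helper is implicitly trusting whatever
// inherited the signed client's identity, which is the trust the article says a tampered
// app can inherit after launch.
final class WeakListenerDelegate: NSObject, NSXPCListenerDelegate {
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {
        newConnection.exportedInterface = NSXPCInterface(with: PrivilegedHelperProtocol.self)
        newConnection.exportedObject = HelperService()
        newConnection.resume()
        return true
    }
}

// Hardened pattern: bind a code-signing requirement to the connection before resuming it.
// On macOS 13+ the framework invalidates the connection if the peer's code fails the check,
// so the exported object never sees messages from an unverified caller.
final class HardenedListenerDelegate: NSObject, NSXPCListenerDelegate {
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {
        if #available(macOS 13.0, *) {
            newConnection.setCodeSigningRequirement(clientRequirement)
        } else {
            // No per-connection check is available here; refuse rather than fall back
            // to trusting the launching app's identity.
            return false
        }
        newConnection.exportedInterface = NSXPCInterface(with: PrivilegedHelperProtocol.self)
        newConnection.exportedObject = HelperService()
        newConnection.resume()
        return true
    }
}

// Helper entry point (Mach service name is a placeholder). The delegate is held strongly
// because NSXPCListener only keeps a weak reference to it.
let delegate = HardenedListenerDelegate()
let listener = NSXPCListener(machServiceName: "com.example.app.helper")
listener.delegate = delegate
listener.resume()
RunLoop.main.run()
```

The important design point is where the check happens: the requirement is attached to the connection itself during the handshake, so the helper's decision is tied to the code actually on the other end of the XPC channel rather than to a signature that was verified once when the app launched. Swapping WeakListenerDelegate for HardenedListenerDelegate is the whole change; the exported protocol and service are untouched.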
With the named vendors patched, XM Cyber warned that the broader vulnerability remains across many other macOS applications that have not yet closed the gap. The technical remedy is clear; the operational work is not. Organizations that rely on macOS EDR and MDM should confirm vendor mitigations, inventory installed apps for the XPC weakness, and assume that an authenticated check of the caller during the XPC handshake — not reliance on a cached CDHash — is the baseline defense going forward.