macOS Flaw Lets Standard Users Disable EDR and MDM

By Team-CWD | June 26, 2026
A macOS privilege escalation technique that silently disables enterprise security tools from an ordinary user account has been disclosed, affecting major endpoint detection and response (EDR) and mobile device management (MDM) products.

New research from exposure management specialist XM Cyber found that a non-root user could abuse macOS’s trusted software verification to call privileged functions without authentication.

The flaw lies in XPC, the service macOS apps use to communicate with their background processes, and XM Cyber said it affects many applications.

Turning Security Tools Against Themselves

Many macOS apps run a privileged helper as root and let their own signed components communicate with it via XPC. The helper trusts callers based on their code signature, identified by a CDHash (code directory hash).

XM Cyber found that macOS keeps that trust cached after a signed app first runs. An attacker can launch a legitimate app, tamper with it to load a malicious interface file, then inherit its trusted status. From that trusted context, the code can call the helper’s most sensitive functions with no authentication.

XM Cyber said these included built-in methods to run commands or shut down apps and system extensions. An attacker can use them to make a security product disable or remove itself, bypassing its own tamper protection.

Because the technique abuses normal macOS behavior, the researchers said it leaves almost no forensic trace.

CrowdStrike Responds to Findings

XM Cyber said it validated the technique against well-known endpoint tools. On CrowdStrike’s Falcon sensor, it fully unloaded the agent from a standard user account, killing detection, process monitoring and network visibility.

CrowdStrike has since added detection and prevention across supported macOS sensor versions. XM Cyber also deactivated Kandji’s MDM agent, which has been fixed and assigned CVE-2026-39118.

“The technique exploits a macOS issue, and we have detections and preventions in place for the Falcon sensor,” a CrowdStrike spokesperson told Infosecurity Magazine.

The researcher behind the discovery, XM Cyber’s Hillel Pinto, also built an open-source tool, XPC Hunter, that scans installed macOS apps for the same weakness, and plans to present it at Black Hat US in August.

The attack needs an existing foothold, a standard local account, so XM Cyber framed it mainly as an insider or post-compromise threat.

Read more on attacks that disable security software: GentleKiller Framework Disables Victims’ Security Software

The fix is straightforward, XM Cyber said: developers should validate the caller’s identity during the XPC handshake, using checks Apple has offered since macOS 13, rather than trusting the cached signature.
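The following Swift sketch is an added example, not code from XM Cyber, CrowdStrike, Kandji or Apple. It shows a root helper’s NSXPCListener delegate in the weak form the article describes (accept every peer and rely on a signature remembered from the app’s first launch) beside a hardened form that binds a code-signing requirement to each connection with NSXPCConnection.setCodeSigningRequirement(_:), the macOS 13 API the fix paragraph refers to. The protocol methods, Team ID, bundle identifier and Mach service name are placeholders.

```swift
import Foundation

// Added example, not vendor code. Sketches a privileged XPC helper's listener delegate
// in the weak form the article describes and in a hardened form that uses
// NSXPCConnection.setCodeSigningRequirement(_:), available since macOS 13.
// Team ID, bundle identifier, service name and protocol methods are placeholders.

/// Interface the root helper exposes to the vendor's own app (hypothetical methods).
@objc protocol HelperProtocol {
    func stopProtection(reply: @escaping (Bool) -> Void)
    func protectionStatus(reply: @escaping (Bool) -> Void)
}

/// Placeholder identity of the only client allowed to drive the helper.
let vendorTeamID   = "TEAMID0000"         // placeholder Team ID
let clientBundleID = "com.example.agent"  // placeholder bundle identifier

/// Requirement in Apple's code-signing requirement language: Apple-anchored chain,
/// the expected bundle identifier and the vendor's Team ID. The XPC runtime evaluates
/// it against the peer's live signature, so a client modified after launch no longer
/// satisfies it, unlike a CDHash remembered from its first run.
let clientRequirement = """
anchor apple generic and identifier "\(clientBundleID)" \
and certificate leaf[subject.OU] = "\(vendorTeamID)"
"""

/// Minimal privileged service: the tamper-protection state the helper guards.
final class HelperService: NSObject, HelperProtocol {
    private var enabled = true
    func stopProtection(reply: @escaping (Bool) -> Void) {
        enabled = false   // the sensitive action the article describes being abused
        reply(true)
    }
    func protectionStatus(reply: @escaping (Bool) -> Void) { reply(enabled) }
}

/// WEAK: accepts any peer and leans on identity established earlier (a cached
/// signature). Code running inside a legitimately launched but later tampered
/// client reaches stopProtection without any authentication.
final class WeakListenerDelegate: NSObject, NSXPCListenerDelegate {
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection connection: NSXPCConnection) -> Bool {
        connection.exportedInterface = NSXPCInterface(with: HelperProtocol.self)
        connection.exportedObject = HelperService()
        connection.resume()
        return true
    }
}

/// HARDENED: bind the requirement to the connection before resuming it, so the
/// check happens during the handshake and messages from a non-conforming peer
/// are refused for the life of the connection.
final class HardenedListenerDelegate: NSObject, NSXPCListenerDelegate {
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection connection: NSXPCConnection) -> Bool {
        guard #available(macOS 13.0, *) else {
            // No per-connection requirement API: fail closed, never trust a cached hash.
            return false
        }
        // An unparseable requirement string raises an exception here, which is
        // preferable to a helper that silently falls open.
        connection.setCodeSigningRequirement(clientRequirement)
        connection.exportedInterface = NSXPCInterface(with: HelperProtocol.self)
        connection.exportedObject = HelperService()
        connection.resume()
        return true
    }
}

// Entry point for the helper (run by launchd as a LaunchDaemon).
let listener = NSXPCListener(machServiceName: "com.example.helper")  // placeholder
let delegate = HardenedListenerDelegate()   // kept alive: the listener holds it weakly
listener.delegate = delegate
listener.resume()
RunLoop.main.run()
```

Build this as the helper’s main.swift, sign it with the same Developer ID as the client, and have the client connect with NSXPCConnection(machServiceName:options: .privileged). The point to take from the two delegates is where the identity check lives: in the hardened version it is attached to the connection itself and re-evaluated by the system, rather than being a property the helper remembers about an app from an earlier run.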

Pinto said organizations should treat the technique as “a major gap in modern endpoint security models.” With the named vendors patched, the wider risk lies in the many other macOS apps that have not closed it.

Update 25 June, 2.30PM: this story was updated to include CrowdStrike’s comment.