A privilege escalation technique on macOS exploits CDHash caching and NIB injection to silently disable enterprise security tools. Apple reportedly does not intend to fix the underlying architectural flaw.

A privilege escalation technique discovered by XM Cyber allows a standard user on macOS to disable enterprise security tools — EDR and MDM — without administrator credentials. The demonstration, disclosed on June 24, 2026, strikes at the core of macOS's trust model: the CDHash cache continues to trust an application even after its components have been tampered with. According to the researchers, Apple has stated it does not intend to fix the underlying defect.

Key Takeaways
  • The technique exploits two macOS mechanisms: the CDHash cache, which does not invalidate trust after component modifications, and code injection into NIB files of legitimate apps.
  • XM Cyber demonstrated complete disablement of CrowdStrike Falcon EDR and permanent deactivation of Kandji MDM by a standard user.
  • Kandji released a patch (CVE-2026-39118, CVSS 8.4 HIGH); the remediation status for CrowdStrike Falcon remains unclear as of publication.
  • Researcher Hillel Pinto will release the open-source tool XPC Hunter at Black Hat USA in August 2026 to enable verification of the issue.

How the Bypass Works: CDHash, NIB, and Trust That Won't Die

The attack chain unfolds in three steps, all executable by a standard user. The starting point is macOS's CDHash cache, which stores an application's cryptographic hash at first launch. According to XM Cyber, once cached, the hash is not revalidated when the app's internal components are modified. The system continues to consider the application trusted.

Building on this residual trust is the second element: injection of malicious code into NIB (NeXT Interface Builder) files. These files, used by macOS's interface to define app layouts and behaviors, become the vehicle for executing arbitrary code in the context of a legitimate application. The injected code inherits the CDHash cache's trust.

The third step exploits XPC (Cross-Process Communication) services running as root. Many macOS applications expose these services for privileged operations; the injected code, impersonating the trusted component, can invoke them and obtain execution of functions normally reserved for administrators. The result is a privilege escalation that completely bypasses credential checks.

"macOS applications routinely expose privileged XPC services running as root — yet the trust boundaries protecting these interfaces are fundamentally flawed"
— Hillel Pinto, XM Cyber

The CrowdStrike Falcon Demo: An EDR That Stops Seeing

XM Cyber turned theory into practice with two demonstrations against widely deployed enterprise products. In the first case, researchers achieved complete unloading of the CrowdStrike Falcon sensor, neutralizing all endpoint detection, network visibility, and process monitoring capabilities. The source does not specify whether the technique requires particular conditions or specific product versions.

In the second case, the same attack chain produced permanent deactivation of Kandji MDM, a device management tool widely used in enterprises with macOS fleets. The distinction between the two scenarios is significant: while Falcon is an EDR designed to detect threats, Kandji is a management agent that enforces security policies on the device. Its compromise not only eliminates visibility but nullifies control over the device itself.

According to the source, Iru Inc. has released an updated Kandji agent that protects against the exploit. CVE-2026-39118 has been assigned to the patch, with a CVSS 8.4 HIGH score under CVSS:3.1. However, the identifier is not verifiable in the NVD sources provided in the dossier, which contain no reference to this identifier. For CrowdStrike Falcon, the remediation status remains unclear as of the Dark Reading article's publication.

Apple's Stance and Responsibility Shifted to Vendors

The case introduces a fracture in macOS security management. According to a statement attributed to Hillel Pinto, XM Cyber reportedly received a response from Apple that the company does not intend to fix the underlying bug in the operating system. The source does not report the exact text of the communication or the channel through which it occurred.

If confirmed in the terms described, this stance shifts the burden of protection entirely onto security and device management vendors. Tools designed to protect the macOS ecosystem become victims of the same trust mechanism they are meant to inherit. Pinto commented explicitly: "If Apple had fixed the underlying problem in macOS, these products would not be vulnerable through this attack vector."

The technique is not limited to the two demonstrated products. According to the same source, the combination of CDHash cache exploitation and NIB injection represents a "generic attack primitive" applicable to any macOS application that exposes privileged XPC services. The dossier does not quantify how many enterprise apps fall into this category.

Why It Matters

The source does not specify whether the technique has been observed in real-world exploits ("in-the-wild"). The dossier documents no corrective measures from Apple nor timelines for potential future interventions. No infrastructure overlaps link the XM Cyber research to other known actors or campaigns.

The most significant limitation for enterprises is the absence of an operating-system-level fix. Until Apple changes the CDHash cache behavior, every macOS security vendor must independently verify whether their products use XPC services with CDHash verification and, if so, implement specific countermeasures. The source does not list frameworks or checklists for this verification.
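One concrete check a defender can run while an OS-level fix is absent is an on-disk resource integrity check: the article's point is that the runtime CDHash cache keeps trusting an app after its bundle contents change, but the bundle's own signature seal still records the expected hash of every sealed resource, so a periodic re-hash exposes a modified interface file. The script below is an added example, not code from the article, XM Cyber, or any vendor; it assumes the seal lives at `Contents/_CodeSignature/CodeResources` as a plist whose `files2` dictionary maps each resource path (relative to `Contents/`) to an entry with a `hash2` SHA-256 digest, and it builds a constructed toy bundle rather than touching a real app. The bundle name, file contents and helper names are illustrative.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path

# Assumed layout: Contents/_CodeSignature/CodeResources is a plist whose
# "files2" dict maps "Resources/Foo.nib" -> {"hash2": <SHA-256 of the file>}.


def sha256_file(path: Path) -> bytes:
    """Stream a file through SHA-256 and return the raw digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()


def check_bundle_resources(app: Path) -> dict:
    """Recompute the hash of every sealed resource and compare it with the seal.

    Returns a report with three lists: resources whose hash still matches,
    resources whose on-disk bytes differ from the sealed hash, and sealed
    resources that no longer exist.
    """
    seal = app / "Contents" / "_CodeSignature" / "CodeResources"
    with seal.open("rb") as f:
        plist = plistlib.load(f)
    report = {"ok": [], "modified": [], "missing": []}
    for rel, entry in plist.get("files2", {}).items():
        if not isinstance(entry, dict) or "hash2" not in entry:
            continue  # symlink or optional entries are out of scope here
        target = app / "Contents" / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_file(target) == bytes(entry["hash2"]):
            report["ok"].append(rel)
        else:
            report["modified"].append(rel)
    return report


def build_sample_bundle(root: Path) -> Path:
    """Construct a toy bundle (not a real signed app) with one sealed .nib."""
    app = root / "Sample.app"
    resources = app / "Contents" / "Resources"
    resources.mkdir(parents=True)
    nib = resources / "MainMenu.nib"
    nib.write_bytes(b"constructed nib bytes")  # constructed sample content
    sig_dir = app / "Contents" / "_CodeSignature"
    sig_dir.mkdir()
    seal = {"files2": {"Resources/MainMenu.nib": {"hash2": sha256_file(nib)}}}
    with (sig_dir / "CodeResources").open("wb") as f:
        plistlib.dump(seal, f)
    return app


def demo() -> tuple:
    """Check a clean bundle, then the same bundle after its nib is edited."""
    with tempfile.TemporaryDirectory() as tmp:
        app = build_sample_bundle(Path(tmp))
        before = check_bundle_resources(app)
        # Simulate an interface file changed on disk without re-signing.
        (app / "Contents" / "Resources" / "MainMenu.nib").write_bytes(b"changed")
        after = check_bundle_resources(app)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("clean bundle:", before)
    print("after edit:  ", after)
```

On a real Mac the equivalent check is `codesign --verify --deep --strict` against the installed bundle, which also validates the seal itself and the code slices; the script only shows the resource re-hash step so the difference between the cached runtime verdict and the on-disk state is visible in isolation.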

The planned release of XPC Hunter at Black Hat USA 2026 will make the verification tool public, increasing the likelihood the technique will be replicated. The dossier does not specify whether the tool will include remediation capabilities or only detection.

Questions That Remain Open

Does the technique work on all macOS versions?

The dossier does not specify the exact scope of vulnerable versions. It is unclear whether the issue affects all macOS releases with CDHash caching or only specific configurations.

Has CrowdStrike released a patch?

According to the source, XM Cyber notified CrowdStrike but the patch status remains unclear as of the article. The dossier contains no subsequent updates.

What if a company uses neither CrowdStrike nor Kandji?

The technique is described as generic for apps with privileged XPC services. The dossier does not list other verified products, so the vulnerability may extend to other vendors without this having been demonstrated.

The episode raises an architectural question that transcends a single advisory: when the operating system delegates trust verification to its internal mechanisms but fails to invalidate them upon change, the entire enterprise security stack rests on a fragile premise. Whether Apple confirms its stance or not, the case shows how the line between "protecting the system" and "being bypassed by the system" on macOS is thinner than the enterprise industry assumes.

Information is based on the cited advisory and current as of publication.

Sources and references
  1. darkreading.com
  2. nvd.nist.gov
  3. support.apple.com
  4. techcrunch.com