macOS Trust Cache Abuse Lets Standard Users Disable EDR and MDM Tools
Researchers at XM Cyber disclosed a macOS privilege-escalation technique that allows a standard, non-administrative user to disable enterprise security software and invoke privileged functions without administrator credentials or kernel exploits. The attack chain abuses legitimate macOS behavior by combining weakly validated XPC connections, malicious payload injection into Interface Builder NIB files, and a newly described misuse of the kernel code-signing trust cache, which can continue trusting an application's CDHash after a legitimately signed app has run.
XM Cyber said it successfully used the method to silently unload or permanently deactivate CrowdStrike Falcon Sensor, Kandji MDM, and a third unnamed EDR product without triggering alerts. Kandji addressed the issue in an updated agent release and assigned CVE-2026-39118, CrowdStrike reportedly paid a bug bounty and added detections while disclosure continues, and another vendor is developing a patch; XM Cyber also warned that Apple does not plan to remediate the underlying macOS design issue, leaving software vendors to implement their own mitigations.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
XM Cyber plans Black Hat talk and XPC Hunter release
XM Cyber researcher Hillel Pinto said he plans to present the research at Black Hat USA in August 2026 and release an open source tool called XPC Hunter. The planned presentation would publicly detail the macOS attack chain and related detection opportunities.
Third unnamed EDR vendor begins developing a patch
A third unnamed enterprise EDR vendor affected by the macOS technique was reported to be developing a patch. XM Cyber had successfully demonstrated the attack chain against that vendor's product.
CrowdStrike adds detections after disclosure
Following disclosure from XM Cyber, CrowdStrike reportedly paid a bug bounty and added detections related to the macOS technique. XM Cyber said disclosure with CrowdStrike was still ongoing.
Kandji releases agent update for CVE-2026-39118
Kandji addressed the issue in an updated Kandji Agent release and assigned CVE-2026-39118. The patch was issued in response to XM Cyber's findings about disabling or permanently deactivating the MDM agent on macOS.
XM Cyber demonstrates macOS chain to disable security agents
XM Cyber researchers demonstrated a macOS privilege-escalation and trust-cache abuse technique that lets a standard user disable or deactivate endpoint security tools without administrator credentials, kernel exploits, or alerts. The researchers showed the method working against CrowdStrike Falcon Sensor, Kandji MDM, and a third unnamed enterprise EDR vendor.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
macOS attack technique bypasses endpoint security tools | brief | SC Media
scworld.com
Open sourcemacOS Weaknesses Chained to Silently Disable Endpoint Security Agents - SecurityWeek
securityweek.com
Open sourceApple's MacOS Gap Lets Users Disable Security Tools
darkreading.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
macOS Malware Campaigns Shift Toward Infostealers and Social Engineering to Bypass Apple Protections
Threat actors are increasingly targeting macOS users with **infostealers** and distribution-as-a-service models, reflecting a broader “gold rush” in Apple-focused malware development. Reporting highlights macOS stealers targeting browser credentials and cryptocurrency assets (including seed phrases) and notes tactics to evade Apple controls such as obtaining valid Apple developer signatures to bypass *Gatekeeper*; one cited example is *MacSync* being notarized and signed under Team ID `GNJLS3UYZ4`. The same reporting describes ecosystem-scale enablement, including large-scale compromise of WordPress sites for distribution and novel command-and-control approaches such as using blockchain smart contracts (e.g., on **BNB Smart Chain**), alongside paid-traffic abuse (e.g., promoting malicious AI chat content via ads) to push stealer payloads. Separately, a Darktrace-described investigation details a **multi-stage macOS malware** campaign that prioritizes *social engineering* over exploitation to defeat Apple’s **Transparency, Consent, and Control (TCC)** privacy framework. Victims are lured via phishing to open an AppleScript masquerading as a document (`Confirmation_Token_Vesting.docx.scpt`), which displays a fake “Compatibility” error and instructs the user to launch a “Compatibility Wizard” (e.g., using a keyboard shortcut) that effectively tricks them into authorizing execution and granting access. Together, the reporting indicates macOS threats are increasingly succeeding by combining credential/crypto theft objectives with user-prompt manipulation and trust-abuse techniques rather than relying on kernel or sandbox escapes.
Mar 21, 2026
Research Highlights Multiple Enterprise Security Control Bypasses and Abuse Paths
Multiple reports describe ways attackers or testers can **abuse trusted enterprise features** to evade controls. Researchers reported that *Palo Alto Networks Cortex XDR* **Live Terminal** can be repurposed as a stealthy **command-and-control (C2)** channel because its WebSocket-based protocol lacks command signing; an attacker who can intercept the initial WebSocket message can redirect an endpoint to an attacker-controlled server/tenant, leveraging the trusted `cortex-xdr-payload.exe` component to execute commands in a “living off the land” manner. Separately, a tutorial showed *Microsoft Defender for Cloud Apps* (reverse-proxy `*.mcas.ms`) download restrictions for unmanaged devices can be **bypassed by spoofing specific browser user-agent strings**, allowing direct access to services like Outlook/SharePoint and enabling successful downloads that would otherwise be blocked. Other material in the set covers adjacent but distinct execution and delivery risks rather than the same product-specific bypasses. **CVE-2026-27615** affects *ADB-Explorer* on Windows: allowing `ManualAdbPath` to be set to a **UNC path** in a settings file can lead to **remote code execution** by pointing the app to an attacker-controlled network share, fixed in Beta `0.9.26022`. Cofense also documented ongoing campaigns abusing **Windows File Explorer WebDAV** handling to deliver malware without a browser download flow, including use of `trycloudflare[.]com` tunnels to host WebDAV servers and multi-stage script chains to deliver RATs—highlighting a persistent social-engineering and delivery vector that can bypass some browser-centric controls.
Mar 21, 2026
Researchers Detail Multiple Ways to Bypass macOS TCC Privacy Protections
SentinelLabs reported that macOS **Transparency, Consent, and Control (TCC)** protections can be bypassed through a mix of design weaknesses and unintended behavior, potentially allowing access to data and services that normally require explicit user approval. TCC is Apple’s privacy framework for restricting applications from reaching sensitive resources such as files, microphones, cameras, and other protected user data without consent. The report describes bypass paths that undermine the reliability of those safeguards, showing that privacy enforcement on macOS can fail even when users expect TCC prompts and policy checks to block unauthorized access. The findings highlight risk for enterprises that rely on native macOS controls to protect sensitive information, and they underscore the need to pair Apple’s built-in privacy model with additional monitoring, hardening, and application control defenses.
Jun 14, 2026