Cybersecurity firm XM Cyber has demonstrated a macOS attack technique that allows a standard, non-administrative user account to silently disable enterprise endpoint security tools, including EDR and MDM agents, without triggering alerts or requiring kernel exploits.
Some of the underlying primitives, including the abuse of weakly validated XPC connections and the injection of malicious payloads into application Interface Builder (NIB) files, have been publicly documented by security researchers for years and partially addressed by Apple.
However, the research introduces a novel chain that exploits the persistence of the kernel’s code-signing trust cache after a legitimately signed application executes, allowing an attacker to inject a malicious payload that impersonates a trusted app component and silently invokes privileged XPC methods.
The cybersecurity company noted that the attack technique abuses legitimate macOS behavior rather than software vulnerabilities.
The technique was successfully demonstrated against CrowdStrike Falcon Sensor, which was fully unloaded from a standard user account, and against Kandji MDM, which was permanently deactivated via a two-stage chain. The Kandji exploit cleared the EDR guards and terminated the Endpoint Security Framework extension, XM Cyber said.
According to the security firm, CrowdStrike quickly fixed the issue, paid a bounty, and added detection and prevention on all supported versions of the macOS sensor. Kandji has patched the issue and assigned CVE-2026-39118 to the flaw. A third, unnamed enterprise EDR vendor was also successfully targeted and is working on a patch.
XM Cyber researcher Hillel Pinto will be releasing an open source discovery tool called XPC Hunter, which automates the identification of exploitable XPC privilege escalation surfaces across all installed macOS applications, with a full presentation planned for Black Hat US in August 2026.
SecurityWeek has reached out to Apple, CrowdStrike, and Kandji for comment and will update this article if they provide any clarifications.
UPDATE: A CrowdStrike spokesperson told SecurityWeek, “The technique exploits a macOS issue, and we have detections and preventions in place for the Falcon sensor.”
*Additional details on the steps taken by CrowdStrike have been added to the initial article.
