New macOS security flaw could let hackers disable protection tools, researchers say
Security firm XM Cyber found a macOS technique that can let standard user accounts disable some enterprise security tools without administrator credentials. The research focuses on trusted macOS communication channels Researchers disclosed the findings ahead of a planned Black Hat Arsenal presentation in August, where they'll demonstrate an open-source tool called XPC Hunter. XM Cyber reported successful attacks against CrowdStrike Falcon and Kandji on macOS. The firm's reported technique isn't a remote attack. Researchers said attackers must first gain access to a standard user account on the target Mac . Requiring access to an existing account limits the attack's reach, but it doesn't make the research insignificant. Attackers who gain access to a Mac often try to disable monitoring tools before moving deeper into a system or network. Continue Reading on AppleInsider | Discuss on our Forums
What happened?
Security firm XM Cyber found a macOS technique that can let standard user accounts disable some enterprise security tools without administrator credentials. The research focuses on trusted macOS communication channels Researchers disclosed the findings ahead of a planned Black Hat Arsenal presentation in August, where they'll demonstrate an open-source tool called XPC Hunter. XM Cyber reported successful attacks against CrowdStrike Falcon and Kandji on macOS. The firm's reported technique isn't a remote attack. Researchers said attackers must first gain access to a standard user account on the target Mac . Requiring access to an existing account limits the attack's reach, but it doesn't make the research insignificant. Attackers who gain access to a Mac often try to disable monitoring tools before moving deeper into a system or network. Continue Reading on AppleInsider | Discuss on our Forums
Story details
Security firm XM Cyber found a macOS technique that can let standard user accounts disable some enterprise security tools without administrator credentials.
The research focuses on trusted macOS communication channels Researchers disclosed the findings ahead of a planned Black Hat Arsenal presentation in August, where they'll demonstrate an open-source tool called XPC Hunter.
XM Cyber reported successful attacks against CrowdStrike Falcon and Kandji on macOS.
Why it matters
This page keeps Apple rumors separate from official updates, so readers can follow early reports without confusing them with confirmed announcements.