A new security flaw has been identified in macOS that allows standard users to disable enterprise security tools like EDR and MDM. This vulnerability, discovered by XM Cyber, takes advantage of the XPC service, which is used for inter-process communication. The flaw enables unauthorized access to privileged functions without authentication, allowing attackers to disable security applications. Notably, this attack leaves little forensic evidence and is considered a significant threat within endpoint security models.
CrowdStrike has responded by implementing detection measures, while developers are advised to enhance caller identity verification in their applications.