
No Admin? No Problem: How a Standard macOS Account Can Silently Blind Your EDR
Key Takeaways
- A standard macOS user account is sufficient to silently disable EDR and MDM agents using XM Cyber's chained trust cache technique; no admin password or kernel exploit is required.
- Kandji patched its agent and issued CVE-2026-39118; enterprise teams should verify patch status across all macOS security tools immediately.
- Because the technique abuses legitimate macOS design rather than a discrete bug, defenders cannot wait for a single Apple fix; each security vendor must harden its own XPC and code-signing validation.
XM Cyber's research exposes a chained technique that exploits macOS trust behavior to unload CrowdStrike, Kandji MDM, and more without a single privilege prompt.
The security assumption baked into most enterprise macOS deployments goes something like this: lock down admin credentials, enforce MDM enrollment, layer on an EDR agent, and your endpoint is covered. Threat actors need to escalate privileges first, right? That assumption just took a clean hit. On June 24, 2026, researchers at XM Cyber disclosed a technique that lets a completely standard, non-administrative user account silently unload enterprise security tooling without triggering a single alert, without touching a kernel exploit, and without ever seeing a password prompt.
The Trust Cache: macOS's Memory That Outlives the App
To understand why this works, you need a quick word about how macOS decides what to trust. When a legitimately signed application runs, the kernel records its CDHash, a cryptographic fingerprint of the app's code, in a structure called the code-signing trust cache. According to SecurityWeek's Eduard Kovacs, the novel piece of XM Cyber's research is what happens after that legitimate app exits: the kernel keeps trusting that CDHash. An attacker can inject a malicious payload that impersonates the trusted app component after the fact, and the kernel's trust cache has no reason to object. The signed app did the heavy lifting; the malicious payload just walks in on its credentials.
This is the critical architectural seam. XM Cyber's research, as reported by both SecurityWeek and Mallory, is explicit that the technique abuses legitimate macOS behavior rather than exploiting a discrete software vulnerability. There is no CVE filed against Apple's kernel here, because the kernel is technically doing exactly what it was designed to do. That distinction matters enormously for defenders, because there is no Apple patch to wait for that will close this specific door.
How the Chain Actually Runs
The full attack chain, as described by Mallory's intelligence summary, links three primitives together. First, weakly validated XPC connections: macOS's inter-process communication mechanism does not always rigorously verify that the caller is who it claims to be. Second, malicious payload injection into Interface Builder NIB files, the UI definition files that macOS apps use to build their interfaces. Both of these primitives have been publicly documented for years and have been partially addressed by Apple, per SecurityWeek. The third piece is the novel contribution: exploiting the trust cache persistence described above to make that injected payload look like a trusted app component when it calls privileged XPC methods. The result is that a standard user can invoke privileged functions that should, by every architectural intent, require administrator authorization. XM Cyber confirmed it successfully used this method to silently unload or permanently deactivate CrowdStrike Falcon Sensor, Kandji MDM, and a third unnamed EDR product, all without triggering alerts, according to Mallory's report.
Who Patched, Who Hasn't, and the Awkward Apple Question
Kandji moved quickly. The company addressed the issue in an updated agent release and assigned CVE-2026-39118, according to Mallory. CrowdStrike's Falcon Sensor and the unnamed third EDR product do not yet have confirmed public patch status in the available evidence. Apple has not issued a fix for the underlying trust cache behavior, consistent with XM Cyber's framing that this is an abuse of legitimate OS design rather than a correctable bug in the conventional sense.
This is where the situation gets interesting from a platform security perspective. Dark Reading's Jai Vijayan, reporting on the same disclosure, notes that the technique enables an attacker to impersonate trusted application components and silently perform privileged actions. The partial mitigations Apple has previously shipped for XPC validation and NIB injection have not closed the full chain. Defenders cannot simply wait for a platform patch to appear and call the work done.
What It Actually Means for You
If you run a macOS fleet and you are trusting EDR or MDM coverage as your primary detection layer, this research should prompt an honest conversation about what that coverage actually guarantees. A threat actor who gains access to a standard user account, whether through phishing, credential stuffing, or physical access, now has a demonstrated path to silencing the tools you are relying on to catch them. The Jamf privilege escalation guidance published in 2024 remains relevant background: the principle that privilege boundaries on Apple devices need active enforcement rather than passive assumption is not new, but XM Cyber's research gives it sharp new teeth.
The immediate practical steps for enterprise teams: verify you are running Kandji's updated agent, check with your other EDR vendors for advisory status on this specific technique, and review whether your XPC connection validation policies are as tight as they could be. Watch the XM Cyber blog for the full technical writeup, and watch whether Apple's response involves a security advisory or a quiet architectural revision in a future macOS release. The difference between those two outcomes will say a lot about how seriously Cupertino takes the trust model it built.
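As an added illustration of the XPC validation point raised in the chain description and again in the practical steps (example code written for this article, not XM Cyber's, Kandji's or any vendor's agent code), this is the server side of a privileged XPC service that binds every accepted connection to a code-signing requirement instead of trusting the caller's PID or bundle identifier. The protocol, service class, bundle identifier and Team ID are placeholders.

```swift
import Foundation

// Placeholder protocol for the privileged service; real agents expose far more.
@objc protocol AgentProtocol {
    func status(reply: @escaping (String) -> Void)
}

final class AgentService: NSObject, AgentProtocol {
    func status(reply: @escaping (String) -> Void) { reply("running") }
}

/// Accepts a peer only if its code signature satisfies a designated requirement.
final class HardenedListenerDelegate: NSObject, NSXPCListenerDelegate {
    // Placeholder identifier and Team ID; replace with the client's real values.
    // "anchor apple generic" = Apple-issued developer certificate chain,
    // "identifier" = the expected signing identifier,
    // "certificate leaf[subject.OU]" = the expected Team ID.
    static let requirement =
        "anchor apple generic and identifier \"com.example.agent-ui\" " +
        "and certificate leaf[subject.OU] = \"PLACEHOLDERTEAMID\""

    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {
        guard #available(macOS 13.0, *) else {
            // No public API binds a requirement to the peer before macOS 13;
            // refuse rather than fall back to PID- or bundle-ID-based checks,
            // both of which a local process can satisfy without being the client.
            return false
        }
        // The kernel evaluates the requirement against the peer's audit token
        // and invalidates the connection if the peer does not satisfy it.
        newConnection.setCodeSigningRequirement(Self.requirement)
        newConnection.exportedInterface = NSXPCInterface(with: AgentProtocol.self)
        newConnection.exportedObject = AgentService()
        newConnection.resume()
        return true
    }
}

// Service entry point: the Mach service name is a placeholder.
let delegate = HardenedListenerDelegate()
let listener = NSXPCListener(machServiceName: "com.example.agent.xpc")
listener.delegate = delegate
listener.resume()
RunLoop.main.run()
```

This is the baseline the article's third takeaway refers to; whether a requirement-bound connection alone is sufficient against the trust cache chain is not established by the reporting cited here, so vendors should also check their own advisory status as the practical steps describe.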