
macOS XPC Flaw Allowed Non-Admin Users to Disable CrowdStrike and Kandji Security Tools
SecurityAppleCrowdStrikeCybersecurityKandjimacOSVulnerabilityXM Cyber
A macOS XPC flaw allowed standard (non-admin) users to disable security tools from CrowdStrike and Kandji, exposing a privilege escalation vulnerability in the operating system. The issue was reported by XM Cyber, prompting both vendors to release patches addressing the security gap. The flaw specifically targeted the inter-process communication (XPC) mechanism in macOS, enabling unauthorized modification or termination of security software. No CVE ID, specific macOS versions, or exact patch release dates were disclosed in the report. The impact included potential circumvention of endpoint protection, leaving systems vulnerable to further exploitation.