macOS CDHash Cache Flaw Lets Attackers Disable EDR and MDM Security Tools Without Admin Rights
XM Cyber discovered a privilege-escalation technique abusing macOS CDHash caching that allows standard users to silently disable CrowdStrike Falcon and Kandji MDM, with Apple reportedly declining to fix the underlying OS issue.

Researchers at XM Cyber have uncovered a novel macOS privilege-escalation technique that allows a user with standard privileges to disable enterprise security tools and invoke privileged functions without administrator credentials. The technique exploits how macOS establishes and validates application trust information, enabling an attacker to impersonate trusted application components and silently perform actions that should only be available to privileged processes.
XM Cyber demonstrated the attack by disabling CrowdStrike Falcon Endpoint Detection and Response (EDR) and Kandji Mobile Device Management (MDM) without needing administrator credentials, kernel exploits, or triggering any alert. The researchers said the issue potentially affects other macOS applications that provide privileged Cross-Process Communication (XPC) services and rely on Apple's CDHash, a cryptographic identifier for verifying an application's authenticity. "macOS applications routinely expose privileged XPC services running as root — yet the trust boundaries protecting these interfaces are fundamentally flawed," said XM Cyber senior security researcher Hillel Pinto in a report.
The core problem lies in how macOS caches and reuses an application's CDHash. Once the OS caches the cryptographic fingerprint, it continues to trust the application even if an attacker later modifies some of its components. This allows a standard user to inject malicious code into a NIB file inside a trusted application and trick the system into running privileged commands. XM Cyber used this technique to "completely unload the CrowdStrike Falcon endpoint security sensor," neutralizing all endpoint detection, network visibility, and process monitoring capabilities on a macOS system. The company also permanently deactivated Kandji MDM using the same method.
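The mitigation a defender wants here is a re-verification of the bundle's resource seal, since a resource such as a NIB is covered by the CodeResources seal rather than by the executable's cached CDHash. The following added example (not XM Cyber's or Apple's code) builds a constructed bundle, seals its resources with a minimal CodeResources plist that mimics only the `files2`/`hash2` (SHA-256) layout codesign emits, tampers with the NIB, and shows the re-check catching it; the bundle name and file contents are constructed stand-ins.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path

def seal_resources(bundle: Path) -> None:
    """Write a minimal CodeResources seal over Contents/Resources. Constructed
    stand-in for the seal codesign emits: real seals carry more keys and rules."""
    contents = bundle / "Contents"
    files2 = {}
    for f in sorted(p for p in (contents / "Resources").rglob("*") if p.is_file()):
        rel = str(f.relative_to(contents))
        files2[rel] = {"hash2": hashlib.sha256(f.read_bytes()).digest()}
    sig_dir = contents / "_CodeSignature"
    sig_dir.mkdir(parents=True, exist_ok=True)
    with open(sig_dir / "CodeResources", "wb") as fh:
        plistlib.dump({"files2": files2}, fh)

def verify_resources(bundle: Path) -> list[str]:
    """Re-hash every sealed resource and report modified, missing or unsealed
    files. This is the check a cached CDHash trust decision skips."""
    contents = bundle / "Contents"
    with open(contents / "_CodeSignature" / "CodeResources", "rb") as fh:
        sealed = plistlib.load(fh).get("files2", {})
    findings = []
    for rel, entry in sealed.items():
        # Real seals store a dict with hash/hash2 keys; tolerate bare data too.
        expected = entry["hash2"] if isinstance(entry, dict) else entry
        path = contents / rel
        if not path.is_file():
            findings.append(f"missing: {rel}")
        elif hashlib.sha256(path.read_bytes()).digest() != expected:
            findings.append(f"modified: {rel}")
    for f in (contents / "Resources").rglob("*"):
        if f.is_file() and str(f.relative_to(contents)) not in sealed:
            findings.append(f"unsealed: {f.relative_to(contents)}")
    return findings

def demo() -> tuple[list[str], list[str]]:
    """Seal a constructed bundle, tamper with its NIB, and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp) / "Example.app"  # constructed, not a real product
        nib = bundle / "Contents" / "Resources" / "Base.lproj" / "MainMenu.nib"
        nib.parent.mkdir(parents=True)
        nib.write_bytes(b"bplist00 constructed nib contents")
        seal_resources(bundle)
        clean = verify_resources(bundle)
        nib.write_bytes(b"bplist00 nib with an injected action")  # simulated tampering
        return clean, verify_resources(bundle)
```

On a real Mac the full equivalent is `codesign --verify --deep --strict --verbose=2 /path/to/App.app`, which also checks nested code and the signature over the seal itself.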
Pinto described the issue as a flaw in macOS itself that affects applications relying on Apple-provided XPC functionality. "If Apple had fixed the underlying issue in macOS, these products would not be vulnerable through this attack vector," Pinto said. However, he claimed Apple has stated it does not intend to address the bug, so affected vendors must implement their own mitigations. Not all macOS applications are vulnerable — the issue affects those implementing XPC communication between components, which includes a large portion of the macOS ecosystem.
Iru Inc., the company behind Kandji, released an updated version of its Kandji Agent that protects against the exploit, and the vulnerability was assigned CVE-2026-39118. XM Cyber has notified CrowdStrike about the vulnerability, and disclosure is ongoing. XM Cyber also developed an open-source LLM-powered tool named XPC Hunter to help security researchers find exploitable macOS XPC privilege escalation vulnerabilities across other applications. The company plans to release XPC Hunter at Black Hat USA in August.
The impact of this technique is significant for enterprise macOS environments. By disabling EDR sensors without triggering alerts, attackers can silently maintain persistence, exfiltrate data, or deploy ransomware without detection. With Apple reportedly declining to patch the root cause, organizations must rely on individual vendors to harden their XPC implementations. Security teams should verify with their macOS tool vendors whether their products are affected and ensure they are running the latest versions with appropriate mitigations.
XM Cyber researcher Hillel Pinto will release an open-source discovery tool called XPC Hunter at Black Hat USA in August 2026, which automates the identification of exploitable XPC privilege escalation surfaces across all installed macOS applications. The technique was successfully demonstrated against CrowdStrike Falcon Sensor, which was fully unloaded from a standard user account, and against Kandji MDM, which was permanently deactivated via a two-stage chain. CrowdStrike has paid a bug bounty and added detection, while Kandji has patched the issue and assigned CVE-2026-39118 to the flaw. A third, unnamed enterprise EDR vendor was also successfully targeted and is working on a patch.