macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools
ID: 04a05b56-d198-524a-9a64-d8cd583e0135
STIX ID: report--04a05b56-d198-524a-9a64-d8cd583e0135
Feed Name: HackRead
Threat Score
XM Cyber disclosed a macOS structural vulnerability that lets local unprivileged users chain CDHash cache exploitation with NIB payload injection against XPC services to impersonate trusted applications and issue privileged commands to background security agents, resulting in EDR/MDM unloading and telemetry removal; researchers demonstrated the technique against CrowdStrike Falcon, Kandji, and a third vendor, and vendors have issued patches and mitigations.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
