New macOS security flaw could let hackers disable protection tools, researchers say‎

Security firm XM Cyber found a macOS technique that can let standard user accounts disable some enterprise security tools without administrator credentials.The research focuses on trusted macOS communication channelsResearchers disclosed the findings ahead of a planned Black Hat Arsenal presentation in August, where they'll demonstrate an open-source tool called XPC Hunter. XM Cyber reported successful attacks against CrowdStrike Falcon and Kandji on macOS.The firm's reported technique isn't a remote attack. Researchers said attackers must first gain access to a standard user account on the target Mac.Requiring access to an existing account limits the attack's reach, but it doesn't make the research insignificant. Attackers who gain access to a Mac often try to disable monitoring tools before moving deeper into a system or network. Continue Reading on AppleInsider | Discuss on our Forums