CVE-2026-24071
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3Description
It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler function uses _xpc_connection_get_pid(arg2) as argument for the hasValidSignature function. This value can not be trusted since it is vulnerable to PID reuse attacks.
Analysis
Native Access's privileged XPC helper uses PID-based code signature verification, which is vulnerable to PID reuse attacks allowing local attackers with low privileges to bypass security checks and gain elevated access. Public exploit code exists for this vulnerability, and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running Native Access and assess business criticality. Within 7 days: Implement network segmentation to restrict XPC service access and disable Native Access on non-essential systems; establish monitoring for suspicious process behavior. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today