Researchers have discovered a macOS vulnerability that lets attackers with standard user privileges disable security tools like CrowdStrike Falcon and Kandji MDM without needing administrator access. The flaw exploits how macOS caches application trust information, allowing attackers to impersonate legitimate app components and execute privileged operations that should be restricted. According to security firm XM Cyber, Apple has stated they don't intend to fix the underlying issue, leaving vendors to implement their own protections, though the vulnerability potentially affects a large portion of the macOS ecosystem.