CVE-2026-24070

Name of the Vulnerable Software and Affected Versions Native Instruments Native Access (affected versions not specified)

Description The Native Access application installs a privileged helper, com.native-instruments.NativeAccess.Helper2, used for triggering functions via XPC communication, such as file operations and permission settings. The application is signed with entitlements com.apple.security.cs.allow-dyld-environment-variables and com.apple.security.cs.disable-library-validation, enabling DYLIB injection and potential command execution. A user with low privileges can exploit this DYLIB injection to trigger functions within the privileged helper XPC service, leading to privilege escalation. Specifically, an attacker can delete the /etc/sudoers file and replace it with a malicious version, gaining elevated privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.