PT-2026-5658 · Native Instruments · Native Access
Florian Haselsteiner · Published 2026-02-02 · Updated 2026-02-11 · CVE-2026-24071
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Native Access (affected versions not specified)
Description
The XPC service within Native Access's privileged helper is susceptible to a security issue. The service uses the process ID (PID) of connecting clients to validate their code signatures, which is an insecure practice that can be exploited through PID reuse attacks. Specifically, the connection handler function passes xpc_connection_get_pid(arg2) as an argument to the hasValidSignature function, but this value is not trustworthy because of the potential for PID reuse.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
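For developers of privileged helpers, here is the PID-based check described above next to a hardened alternative. This is an added example, not Native Access code and not taken from the advisory: the body of the PID-based check is an assumed typical implementation (the page does not show hasValidSignature), and the requirement string, bundle identifier and Team ID are placeholders. It assumes macOS 12 or later, where xpc_connection_set_peer_code_signing_requirement is available.

```objective-c
// Added example, not Native Access code. Build on macOS 12+ with Security.framework.
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <xpc/xpc.h>

// Placeholder requirement: substitute the real client identifier and Team ID.
static const char *kClientRequirement =
    "anchor apple generic and identifier \"com.example.client\" "
    "and certificate leaf[subject.OU] = \"TEAMID1234\"";

// Risky pattern (assumed shape of a PID-based signature check): the PID is
// resolved to a process only when SecCode looks it up, so it may no longer
// refer to the process that opened the connection.
static bool peer_is_valid_by_pid(xpc_connection_t peer) {
    pid_t pid = xpc_connection_get_pid(peer);
    NSDictionary *attrs = @{ (__bridge NSString *)kSecGuestAttributePid : @(pid) };
    SecCodeRef code = NULL;
    SecRequirementRef req = NULL;
    bool ok = false;
    if (SecCodeCopyGuestWithAttributes(NULL, (__bridge CFDictionaryRef)attrs,
                                       kSecCSDefaultFlags, &code) == errSecSuccess &&
        SecRequirementCreateWithString((__bridge CFStringRef)@(kClientRequirement),
                                       kSecCSDefaultFlags, &req) == errSecSuccess) {
        ok = SecCodeCheckValidity(code, kSecCSDefaultFlags, req) == errSecSuccess;
    }
    if (code) CFRelease(code);
    if (req) CFRelease(req);
    return ok;
}

// Hardened pattern: bind the requirement to the connection before resuming it.
// libxpc then checks every incoming message against the requirement and drops
// those from a peer that does not satisfy it, with no PID lookup in the helper.
static void accept_peer_hardened(xpc_connection_t peer) {
    if (xpc_connection_set_peer_code_signing_requirement(peer, kClientRequirement) != 0) {
        xpc_connection_cancel(peer);   // invalid requirement string: fail closed
        return;
    }
    xpc_connection_set_event_handler(peer, ^(xpc_object_t event) {
        if (xpc_get_type(event) == XPC_TYPE_DICTIONARY) {
            // Handle the privileged request here.
        }
    });
    xpc_connection_resume(peer);
}
```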
Exploit
LPE
Time Of Check To Time Of Use
Affected Products
Native Access