EIP-2026-103375

PRE-CVE

macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103375. PoCs published by Google Security Research.

AI-analyzed exploit summary This writeup details a vulnerability in macOS's `update_dyld_shared_cache` tool, where insufficient SIP checks allow potential injection of malicious libraries into the dyld shared cache. The analysis highlights flaws in `rootless_check_trusted()` and discusses theoretical exploitation via `-root` or `-overlay` flags.

Description

macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache

Exploits (1)

exploitdb WRITEUP VERIFIED
by Google Security Research · textlocalmacos
https://www.exploit-db.com/exploits/47708

This writeup details a vulnerability in macOS's `update_dyld_shared_cache` tool, where insufficient SIP checks allow potential injection of malicious libraries into the dyld shared cache. The analysis highlights flaws in `rootless_check_trusted()` and discusses theoretical exploitation via `-root` or `-overlay` flags.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Complex
Reliability
Theoretical
Target: macOS Mojave (10.14.6) and Catalina Beta (10.15 Beta 19A536g)
Auth required
Prerequisites: Local access · SIP partially disabled (debugging restrictions off) · Ability to execute `update_dyld_shared_cache` with specific flags
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026