EIP-2026-104589

PRE-CVE

Apple Mac OSX < 10.9/10 - Local Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104589. PoCs published by mu-b.

AI-analyzed exploit summary This exploit leverages a vulnerability in macOS's Assistive Devices feature to write arbitrary files with elevated permissions, effectively achieving local privilege escalation (LPE). It abuses the Authenticator and UserUtilities classes in the Admin.framework to bypass file permission checks.

Description

Apple Mac OSX < 10.9/10 - Local Privilege Escalation

Exploits (1)

exploitdb WORKING POC

by mu-b · localosx

https://www.exploit-db.com/exploits/36739

View Code ZIP pw:eip

This exploit leverages a vulnerability in macOS's Assistive Devices feature to write arbitrary files with elevated permissions, effectively achieving local privilege escalation (LPE). It abuses the Authenticator and UserUtilities classes in the Admin.framework to bypass file permission checks.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Apple macOS < 10.9

Auth required

Prerequisites: Local access to the target macOS system · Assistive Devices feature enabled or exploitable via the described method

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026