


Perceptive Security
SOC/SIEM Consultancy

It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is…
Published:
1 February 2026 at 23:00:00
Alert date:
2 February 2026 at 19:01:02
Source:
nvd.nist.gov
Operating Systems, Enterprise Applications
A security vulnerability was discovered in Native Instruments Native Access for macOS: the XPC service uses the PID of connecting clients to verify their code signatures. This approach is insecure because PIDs can be reused by attackers to bypass signature verification. The vulnerability exists in the privileged helper's connection handler function, which calls _xpc_connection_get_pid() and passes this untrusted value to the hasValidSignature function. PID reuse attacks allow malicious processes to impersonate legitimate applications by reusing process identifiers, potentially leading to privilege escalation or unauthorized access to system resources.
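The PID-keyed check described above, next to a check bound to the connection itself, as an added example that is not code from Native Access or from the advisory. The function names, the bundle identifier and the team ID in the requirement string are hypothetical placeholders.

```objectivec
// Added example; not Native Access code. All names and the requirement are placeholders.
// Build on macOS: clang -fobjc-arc -framework Foundation -framework Security -c peercheck.m
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <xpc/xpc.h>

// Constructed requirement: replace the identifier and team ID with the real client's.
static NSString *const kClientRequirement =
    @"anchor apple generic and identifier \"com.example.client\" "
    @"and certificate leaf[subject.OU] = \"TEAMID1234\"";

// Weak pattern: the PID is read from the connection and only later resolved
// to a code object. If the PID now belongs to a different process, the
// signature that gets validated is not the signature of the actual peer.
static BOOL ClientIsTrustedByPID(xpc_connection_t peer) {
    pid_t pid = xpc_connection_get_pid(peer);
    NSDictionary *attrs = @{ (__bridge id)kSecGuestAttributePid : @(pid) };
    SecCodeRef code = NULL;
    SecRequirementRef req = NULL;
    BOOL ok = NO;
    if (SecCodeCopyGuestWithAttributes(NULL, (__bridge CFDictionaryRef)attrs,
                                       kSecCSDefaultFlags, &code) == errSecSuccess &&
        SecRequirementCreateWithString((__bridge CFStringRef)kClientRequirement,
                                       kSecCSDefaultFlags, &req) == errSecSuccess) {
        ok = SecCodeCheckValidity(code, kSecCSDefaultFlags, req) == errSecSuccess;
    }
    if (code) CFRelease(code);
    if (req) CFRelease(req);
    return ok;
}

// Hardened pattern (macOS 12 and later): the requirement is attached to the
// connection, so the system evaluates it against the real peer and no PID
// lookup is involved. Must be called before the peer connection is activated.
static BOOL PinPeerRequirement(xpc_connection_t peer) API_AVAILABLE(macos(12.0)) {
    return xpc_connection_set_peer_code_signing_requirement(
               peer, kClientRequirement.UTF8String) == 0;
}
```

In a listener's event handler, `PinPeerRequirement` would be called on each new peer connection before it is activated, and the connection cancelled if it returns `NO`.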
Technical details
Affected products:
Native Instruments Native Access
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-24071
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-native-instruments-native-access-macos/
This article was created with the assistance of AI technology by Perceptive.
