A macOS attack chain described as using legitimate operating-system behavior, not a classic vulnerability, raises a hard question: how much protection remains if a standard user can silence the tools meant to watch them?