A hobbyist hacker codenamed Siguza has unearthed a macOS local privilege escalation (LPE) vulnerability that appears to have been lying dormant in the system since 2002. As Apple doesn’t fork out bug bounties for macOS, Siguza opted to disclose the discovery via Twitter on New Year’s Eve instead of privately alerting Apple.
The flaw is not particularly threatening: attackers can exploit it only if they have physical access to the system to execute arbitrary code and gain root permissions, and the exploit relies on the user logging out or being logged out.
Nevertheless, this glitch comes hot on the heels of several other recent Apple security setbacks. The tech giant is planning to issue a fix shortly.