News is spreading of a vulnerability in OS X 10.10 Yosemite, 10.9 Mavericks and 10.8 Mountain Lion discovered last month by Emil Kvarnhammar, a security researcher at Sweden-based TrueSec.
The vulnerability - dubbed 'Rootpipe' - allows privilege escalation from the regular administrator level to root, which provides unrestricted access to the system.
While OS X user accounts can be given standard (reduced) privileges, the default configuration is one user account with administrator privileges.
Kvarnhammar suggests that using an account with standard privileges does provide protection against Rootpipe.
TrueSec followed the principles of responsible disclosure, and notified Apple of Kvarnhammar's discovery.
The two companies agreed that details of the vulnerability will not be released until January.
"This might sound like a long wait, but hey, time flies," said Kvarnhammar in a comment on a demo of the vulnerability that TrueSec posted on YouTube.
He also pointed out that while the demo was based on a Terminal script, Rootpipe could be combined with other vulnerabilities to allow remote exploitation.