
Just four days after Apple announced macOS Tahoe at WWDC 2025, security researcher Csaba Fitzl demonstrated a local privilege escalation (LPE) vulnerability in it. The flaw, shown in a proof-of-concept (PoC) video, allows an unprivileged local user to gain root access, posing a significant risk to system integrity. The video, shared on X, shows the exploit running in a terminal, highlighting the vulnerability's potential impact.
macOS Tahoe, introduced with promises of enhanced features and security, now faces scrutiny as Fitzl's findings emerge. The LPE vulnerability could enable attackers to escalate privileges, bypassing standard user restrictions and accessing sensitive system resources. This discovery underscores the ongoing challenges in securing operating systems, even as Apple continues to refine its platforms.
Since I haven't posted any exploit videos in a while, here's a macOS Tahoe LPE. 🐟 pic.twitter.com/NIE2BxX83j
— Csaba Fitzl (@theevilbit) June 13, 2025
Fitzl, known for his expertise in macOS security, has not yet disclosed detailed information about the vulnerability, likely awaiting a fix from Apple. His work is crucial for the cybersecurity community, as it prompts swift action to mitigate risks and improve system defences.
The timing of this revelation, so close to Tahoe's announcement, emphasises the importance of rigorous testing and rapid response in software development.