The group behind the Month of Apple Bugs (Moab) project has found a flaw in software designed to fix security issues on Apple Macs.
The vulnerability affects the Application Enhancer (Ape) software, which was designed by a rival group trying to combat the flaws highlighted by Moab.
The bug could allow malicious users on a local system to replace Ape's binary code and take control of the root privileges on a computer.
"Like the previous local exploits, this could be combined with a remote exploit to gain root privileges from an administrator account without user interaction," said Landon Fuller, author of the Ape software, on his blog.
"There are also a number of alternative exploit conditions that could occur due to the admin-writability of other directories in /Library."
Moab has pledged to uncover a flaw in the Mac operating system or related software every day in January. The project is run by Kevin Finisterre and a former hacker known only as 'LMH'.
Acton's warnings come as Facebook is embroiled in one of the biggest data scandals in history
The unmanned tanks could eventually be kitted with AI systems
Dubbed I-MacEtch, it will help meet demand for more powerful nano-tech
GPU firm's research unit for self-driving cars is growing