The group behind the Month of Apple Bugs (Moab) project has found a flaw in software designed to fix security issues on Apple Macs.
The vulnerability affects the Application Enhancer (Ape) software, which was designed by a rival group trying to combat the flaws highlighted by Moab.
The bug could allow malicious users on a local system to replace Ape's binary code and take control of the root privileges on a computer.
"Like the previous local exploits, this could be combined with a remote exploit to gain root privileges from an administrator account without user interaction," said Landon Fuller, author of the Ape software, on his blog.
"There are also a number of alternative exploit conditions that could occur due to the admin-writability of other directories in /Library."
Moab has pledged to uncover a flaw in the Mac operating system or related software every day in January. The project is run by Kevin Finisterre and a former hacker known only as 'LMH'.
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff