Hackers Selling macOS 0-Day LPE Exploit on Dark Forums

A threat actor claiming to possess a zero-day Local Privilege Escalation (LPE) exploit targeting Apple’s macOS operating system has emerged on underground cybercriminal forums, offering the vulnerability for sale at a substantial price point.

The alleged exploit, if genuine, represents a significant security concern for macOS users across multiple operating system versions, potentially allowing attackers to gain complete administrative control over compromised systems.

Exploit Details and Claims

The threat actor, operating under the handle #skart7, has posted advertisements on a well-known underground software marketplace claiming possession of a logical LPE vulnerability affecting macOS versions ranging from 13.0 through 15.5, including the experimental macOS 26 beta release.

According to the seller’s claims, this zero-day exploit would enable any unprivileged user account to escalate directly to root-level administrative privileges, effectively bypassing Apple’s built-in security mechanisms.

The asking price for this alleged vulnerability stands at $130,000, with ...