Security researchers found 'critical' flaw in IPVanish Mac VPN app — here's all you need to know

• Security researchers found a critical flaw in the IPVanish Mac VPN app
• The bug can allow attackers to gain full control over a user's system
• IPVanish said to be "working on a fix," ensuring only OpenVPN is impacted

A "critical privilege escalation vulnerability" has been discovered in the IPVanish VPN application for macOS, potentially allowing malicious actors to gain full control over a user's system.

Discovered by cybersecurity researchers at SecureLayer7, the flaw exploits the VPN’s "privileged helper tool," a background component used to manage secure network connections. The researchers found that this tool only makes very limited efforts to verify who is asking to run commands. As a result, the bug "allows any unprivileged local process to execute arbitrary code as root without user interaction," experts warn.

While IPVanish is a well-known name often compared to the best VPN services, the vulnerability has been assigned a ...