Happy New Year, Apple. As 2017 drew to a close, a security researcher tweeted out a macOS security flaw that's apparently existed for at least 15 years. "Woah. One tiny, ugly bug. Fifteen years. Full system compromise," the researcher, who goes by Siguza, tweeted on Sunday.

Siguza did not warn Apple before tweeting, but claims the flaw can only be triggered when you have local access to the Mac.

The bug resides in the software's "IOHIDFamily" component, and can be used to gain full system privileges, according to Siguza, who published a detailed write-up of the flaw.

It affects all Mac operating systems. But on Twitter, Siguza said there was no ill intent in disclosing the vulnerability. "I would've submitted to Apple if their bug bounty included macOS, or if the vuln [vulnerability] was remotely exploitable," the researcher tweeted. "Since neither of those were the case, I figured I'd just end 2017 with a bang because why not.

"If I had actually wanted to hurt anyone, I would've found some remotely triggerable vuln, written some ransomware worm and not done a write-up on it," Siguza continued.

Even so, the flaw can be useful for hackers looking to take over a Mac. The bug itself triggers when the system logs out. Siguza imagined one attack scenario, where a hacker infects a Mac with malware, which waits until the computer reboots or shuts down to exploit the flaw.

So far, Apple hasn't publicly commented on the vulnerability or issued a fix.

PC Magazine