THE article discusses a critical security flaw found in the OpenVPN Connect macOS client, identified as CVE-2026-9560, which carries a CVSS score of 9.4. This vulnerability allows local attackers to gain full administrative control over affected Apple systems, particularly in OpenVPN Connect versions 3.5.1 to 3.8.1 due to insecure local inter-process communication (IPC) handling. The article emphasizes the urgency for enterprise software managers to update clients immediately. Additionally, the latest version (3.8.2) addresses several functional bugs, including authentication and profile management issues to enhance stability.
OpenVPN Connect macOS flaw lets attackers gain admin control
CyberSIXT Evidence Panel
Article by CyberSIXT