Apple has fixed a major security hole that has been present in its OS X operating system since at least 2011.
The vulnerability existed in checking XPC entitlements and meant a process may gain admin privileges without properly authenticating, Apple revealed.
Kvarnhammer said a planned full disclosure date in January had to be postponed after Apple reported that a fix would require "a substantial amount of changes on their side".
Even now only the latest version of Mac OS X, Yosemite (10.10) has been fixed, leaving Mavericks and Mountain Lion users vulnerable to exploits based on the flaw.
"We recommend that all users upgrade to 10.10.3," Kvarnhammer wrote.
For users who continue to run OS X 10.10, 10.10.1, or 10.10.2, a patch for the problem is included in the new Security Update 2015-004.
Kvarnhammerat the end of October and a primer on how to protect affected versions of OS X was published a few days later.
The critical nature of the flaw will push more Mac OS users towards Yosemite, a free download with extensive hooks into Apple's iCloud services.