A newly discovered high-severity vulnerability in the IPVanish macOS app allows local attackers to hijack the VPN's background processes, granting them root privileges without the user ever knowing.