IPVanish has a serious security flaw on Mac – and OpenVPN users need to take note

A critical vulnerability has been discovered in IPVanish's Mac VPN app which impacts anyone who has used the OpenVPN protocol.

Research by cybersecurity firm SecureLayer7, published on March 4, 2026, discovered the flaw in IPVanish's VPN client on macOS.

This vulnerability would allow a local attacker to sidestep Apple’s security architecture and run code with the highest level of system privileges. The vulnerability affects IPVanish users on macOS 10.13 and later.

If you've never used the OpenVPN protocol, you're not affected.

IPVanish is a VPN veteran, and consistently challenges the best VPNs. It has a strong track record of privacy and security, and we would expect an imminent fix. There is no indication of any risk being presented to users of its other apps – including iOS, Android, and Windows.

SecureLayer7 has released a full breakdown of how the exploit works. It’s unclear whether SecureLayer7 have reached out to IPVanish before disclosing the exploit, but as of writing IPVanish has not released an update – although one is being worked on.

How the vulnerability works

IPVanish’s macOS app is split into two different parts. The first is the regular app that you interact with, which is run with user-level privileges. Basically, it can’t change system settings or do anything particularly sensitive on your Mac.

However, to carry out all of the networking on the back end that your VPN needs to keep your internet traffic private, IPVanish runs a separate helper tool with system level privileges. This tool can automatically perform admin-level tasks that you’d usually need your admin password for, like installing new software or creating new user accounts.

Ideally, this helper tool would only take commands from the IPVanish client.

However, SecureLayer7 discovered that this helper tool doesn’t confirm whether the commands it’s taking are actually from the IPVanish client.

This means that any user that’s logged into the Mac (or any piece of software already running on it) could connect to the IPVanish helper and run system-level commands without the admin password, giving them total access to your machine at the deepest level.

The vulnerability centres around the OpenVPN protocol and how it's implemented and operates on a technical level. If you're solely a WireGuard user, this flaw shouldn't pose a risk to you or your Mac.

What should you do?

At the time of writing, IPVanish has not released a patch for this vulnerability. But it said it was aware of the vulnerability and its team is working on a fix to be "released as soon as possible."

The VPN company added that "all macOS users will receive an automatic prompt to update to the latest version."

IPVanish recommended removing the "OpenVPN Driver" from your IPVanish app, if you have used the OpenVPN protocol. To do this:

• Open the IPVanish macOS Desktop software
• Click Settings → Protocol → OpenVPN
• Look for OpenVPN Driver and select Uninstall

IPVanish said "this will solve the vulnerability before the upcoming release." As far as we know, this vulnerability only affects Mac devices, so iOS devices are fine.

WireGuard is the default protocol for new installations. If you've only used this standard configuration then you won't be impacted.

It’s important to note that this vulnerability does require attackers to have local access to your machine. It can’t be exploited over the internet unless used as part of a larger attack chain.

Essentially, a hacker would have to figure another way to get access to your computer over the internet.

Once they’re in, the IPVanish vulnerability would allow them to carry out what’s known as a local privilege escalation attack.

IPVanish said it "takes all vulnerabilities very seriously," and identifies "issues through a combination of internal testing and ongoing monitoring." It couples this with disclosures from researchers and the security community through its Vulnerability Disclosure Program.

The VPN continued by saying: "While these processes are designed to catch problems before release, complex software environments mean that some edge cases may only surface through real-world usage or external research."

"If an issue is flagged, our teams immediately assess its scope and potential impact, develop a fix, and prioritize getting that update into a release as quickly as possible. At the same time, we provide guidance to help users mitigate potential risks as the update rolls out."