Google's ProjectZero security programme has disclosed a "high-severity" macOS vulnerability before the problem has been patched.
The macOS security flaw lets attackers modify a user-mounted file system image without alerting the user.
It is not clear how this vulnerability can be exploited, but the level of access provided by the security flaw means that attackers could potentially do serious damage without users being aware that their system is compromised.
Apple is working on a fix for the problem, but Mac users will remain vulnerable until a solution is implemented.
ProjectZero's policy is to disclose the security flaw to manufacturers and publish information about the vulnerability after a period of 90 days, regardless of whether a fix has been implemented.
"We've been in contact with Apple regarding this issue, and at this point no fix is available," a ProjectZero team member stated.
"Apple are intending to resolve this issue in a future release, and we're working together to assess the options for a patch. We'll update this issue tracker entry once we have more details."