A newly discovered exploit in an update made to ESET anti-virus package in October 2016 contains an outdated XML parser from 2007 that is vulnerable to attack, allowing root-level code execution, and ultimately a compromised machine.
Source:: Apple Insider