Vendor
authd 0.6.0 contains a bug that leads to an incorrect primary group ID being set to the user's UID, potentially leading to local privilege escalation and incorrect file ownership, fixed in authd >= 0.6.4.