Two local privilege escalation vulnerabilities in Slate Digital Connect 1.37.0 for macOS allow a local attacker to elevate privileges by exploiting a TOCTOU race condition in PID validation and a certificate OU field forgery bypass. Exploitation requires existing local access. EPSS is at the 2.7th percentile, indicating low observed exploitation activity. Patch when available; disable the privileged helper tool as an interim compensating control on shared or multi-user macOS endpoints.