Warning over new bug that lets someone access your Mac without a password


Security researchers are warning about a dangerous bug affecting MacOS, which could allow someone to access your computer without a password.

The bug has been discovered in the Mac version of Google Chrome’s Remote Desktop application.

The bug, which was discovered by Check Point Research, allows someone to access admin privileges or any other user account on your Mac or MacBook without needing to enter a password.

The Chrome Remote Desktop app, which is made by Google, allows you to access another computer from your desktop, smartphone or tablet.

The app is meant to be used so that you can sign into your PC from afar or provide help on someone else’s PC without the two of you needing to be in the same location.

However, a bug in the security on MacOS could let a hacker login as a guest and access the desktop of an active user without entering a password.

For the bug to work, the user must have the guest access option enabled on their device.

A spokesperson for Check Point Research said: “To exploit this bug, once a Guest user connects to a remote desktop machine, the machine should have at least one active user in session.

“In the login screen, a user then clicks on the ‘Guest’ icon and, since a guest does not require a password, the system will proceed.

“What is expected to happen is that the local user that connects remotely to a macOS machine will receive the desktop of a ‘Guest’.

“But while this is what appears in the remote machine, the local machine (the Chrome extension) receives the desktop of the other active user session, which in this case is an admin on the system, without ever entering the password.”

CPR said it reported the bug to Google but the tech giant apparently said it has no plans to fix it as “the login screen is not a security boundary”.

The news comes after Mac users have been warned of the increasing threats from malware and viruses.

Earlier this week, a new report by Malwarebytes revealed that cases of Mac malware had surged by 270 percent in 2017.

The advice for Mac users is to take the same approach to malware as Windows users and always make sure antivirus software is installed on an Apple device.


Comments are closed.