macOS exploits are usually fixed very quickly, but this does not prevent new bugs and vulnerabilities from appearing. Developer Samuel Gross managed to discover a new macOS exploit, which allows Safari to gain control over the MacBook Pro’s touchpad.
Gross presented the exploit on the first day of the hacker conference Pwn2Own. The discovery of the exploit brought him $65,000.
Such exploits are used by TippingPoint to detect bugs that need to be fixed. As a result, hackers are rewarded for helping to find exploits. In addition, this will help Apple fix the bug in the subsequent update of macOS.
In addition, macOS Chrome Remote Desktop vulnerabilities were recently discovered. This bug is considered more serious than the Safari exploit, since it provides access to the administrator account without a password.
Interestingly, the research company shared details about the bug with Google a month ago, but nothing was done. Google is aware of the problem and does not consider it a big enough security threat. However, we continue to hope that the company will still fix the bug in the next update of the Chrome Remote Desktop client.
The research company wrote the following:
“A local user who remotely connects to the macOS device will have access to the Guest account. However, on the local device (Chrome extension), an administrator account opens, and no password is required for this.”
The detection of bugs gives security firms the ability to release special services that protect against them. Users have nothing to worry about, because all companies are kept in the loop and quickly fix their bugs.