Skip to main content
  1. Home
  2. Computing
  3. Apple
  4. Web
  5. News

Researchers exploit flaws in two browsers installed on MacOS devices

Add as a preferred source on Google

Researchers recently uncovered security flaws in two web browsers for MacOS enabling hackers to gain access to Mac devices. The first flaw reared its head in Safari during the first day of Pwn2Own 2018, giving the hacker full control of the Touch Bar. Meanwhile, Check Point Research stumbled across a nasty bug in Google Chrome granting access to the administrative or any other user account without the need for a password. 

First up, Samuel “5aelo” Gross from Phoenhex targeted Safari during his Pwn2Own hack attempt using a MacOS kernel Elevation of Privileges, meaning he found a way to get permission to use resources only reserved for the lowest level of MacOS that even administrators can’t access. He did this by exploiting a bug in Safari’s Java-based just-in-time (JIT) compiler optimization combined with a flaw in the MacOS platform. 

Recommended Videos

“He used a combination of a JIT optimization bug in the browser, a macOS logic bug to escape the sandbox, and finally a kernel overwrite to execute code with a kernel extension to successfully exploit Apple Safari,” Zero Day Initiative explains a bit more thoroughly. “He left a message for us on the touchbar once he was complete.” 

Meanwhile, Check Point Research’s discovery in Google Chrome has nothing to do with the Pwn2Own 2018 event. Instead, one of the firm’s security analysts noted “unexpected behavior” while examining the Remote Desktop component of Google’s Chrome browser for MacOS. He noticed that he could sign onto the remote Mac device as a guest user, but jump into another active session, even one used by the administrator, without entering a password. 

As the report explains, typically there is someone logged onto a MacOS device but locked with a password when not in use. In turn, guests don’t actually have an account: They can simply access the Mac device without a password and are typically restricted in some fashion by the administrator. All files created by the guest are stored in a temporary folder and deleted once they log off the device. 

That said, if guests access the Mac remotely using Chrome’s extension, they see a screen displaying the current user’s password entry field and an option to sign on as a guest. After clicking on the guest icon and proceeding to the home screen, the guest will see the current user’s desktop rather than the temporary sandboxed guest account. Meanwhile, the source MacOS device displays the guest account on its screen. 

The company said it reported the Chrome issue to Google on February 15, but the search engine giant believes the Remote Desktop login screen is not “a security boundary.” Regardless, Check Point Research felt the need to go public with the issue given many Mac owners provide guest access to their devices. 

Chrome’s Remote Desktop component is a handy way to troubleshoot a remote relative’s computer or grab files from home. At least two computers need Chrome installed, with one serving as the “source” machine providing an access code to the second machine.

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Apple’s Hide My Email feature has an unfixed bug that leaves email addresses exposed
100% exploitable in limited testing, known since June 2025, and still unfixed as of today.
apple-merging-sign-in-with-apple-hide-my-email-icloud+

Apple has been selling Hide My Email to keep your real email address hidden, but it has a vulnerability that does the exact opposite. The worst part is that the company has known about it for a year. 

Hide My Email, part of Apple’s paid iCloud+ subscription, lets users generate anonymous email addresses for signing up to a website, so that their personal or work email remains free of promotional emails and spam. 

Read more
I hate sharing my Mac, but a face-unlocking app finally cured my privacy paranoia
Someone finally built the app locker every Mac user has been asking for.
FaceGate in action on Mac

If you have ever handed your Mac to a friend, family member, or coworker for "just a minute," you know the mild panic that follows. Sure, your Mac has a lock screen, but once someone is past it, they can open Messages, Photos, Notes, Mail, WhatsApp, and your browser.

iPhones had the same issue, but Apple solved it by adding an app lock feature with the iOS 18 update. Sadly, no such feature exists for macOS. That’s where the new FaceGate app for Mac can help you. It’s a free and open-source app that lets you lock apps on your Mac and even has some novel tricks up its sleeve. So, let’s talk about it, shall we?

Read more
The charm of a tiny Windows tablet is apparently dead at Microsoft. Long live the Surface Go!
Microsoft’s budget Surface era may be over
Microsoft Surface Go 3 stand.

Microsoft might be cleaning up its Surface lineup. According to Windows Central, Microsoft has stopped manufacturing the Surface Go and Surface Laptop Go lines, with no successors currently planned. Surface Go 4 and Surface Laptop Go 3 are reportedly out of stock in most places, and once remaining retail stock is gone, that may be it.

If this is true, then we are looking at the end of the brand's budget Surface PCs as Microsoft has plenty of premium Windows hardware.

Read more