Skip to main content

Researchers exploit flaws in two browsers installed on MacOS devices

Researchers recently uncovered security flaws in two web browsers for MacOS enabling hackers to gain access to Mac devices. The first flaw reared its head in Safari during the first day of Pwn2Own 2018, giving the hacker full control of the Touch Bar. Meanwhile, Check Point Research stumbled across a nasty bug in Google Chrome granting access to the administrative or any other user account without the need for a password. 

First up, Samuel “5aelo” Gross from Phoenhex targeted Safari during his Pwn2Own hack attempt using a MacOS kernel Elevation of Privileges, meaning he found a way to get permission to use resources only reserved for the lowest level of MacOS that even administrators can’t access. He did this by exploiting a bug in Safari’s Java-based just-in-time (JIT) compiler optimization combined with a flaw in the MacOS platform. 

“He used a combination of a JIT optimization bug in the browser, a macOS logic bug to escape the sandbox, and finally a kernel overwrite to execute code with a kernel extension to successfully exploit Apple Safari,” Zero Day Initiative explains a bit more thoroughly. “He left a message for us on the touchbar once he was complete.” 

Meanwhile, Check Point Research’s discovery in Google Chrome has nothing to do with the Pwn2Own 2018 event. Instead, one of the firm’s security analysts noted “unexpected behavior” while examining the Remote Desktop component of Google’s Chrome browser for MacOS. He noticed that he could sign onto the remote Mac device as a guest user, but jump into another active session, even one used by the administrator, without entering a password. 

As the report explains, typically there is someone logged onto a MacOS device but locked with a password when not in use. In turn, guests don’t actually have an account: They can simply access the Mac device without a password and are typically restricted in some fashion by the administrator. All files created by the guest are stored in a temporary folder and deleted once they log off the device. 

That said, if guests access the Mac remotely using Chrome’s extension, they see a screen displaying the current user’s password entry field and an option to sign on as a guest. After clicking on the guest icon and proceeding to the home screen, the guest will see the current user’s desktop rather than the temporary sandboxed guest account. Meanwhile, the source MacOS device displays the guest account on its screen. 

The company said it reported the Chrome issue to Google on February 15, but the search engine giant believes the Remote Desktop login screen is not “a security boundary.” Regardless, Check Point Research felt the need to go public with the issue given many Mac owners provide guest access to their devices. 

Chrome’s Remote Desktop component is a handy way to troubleshoot a remote relative’s computer or grab files from home. At least two computers need Chrome installed, with one serving as the “source” machine providing an access code to the second machine.

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
macOS Sonoma public beta review: more than just screensavers
Craig Federighi introducing macOS Sonoma at Apple's Worldwide Developers Conference (WWDC) in June 2023.

It’s that time of year again when Apple launches all of its new operating systems into public beta and invites a brave public to sift through bugs and crashes to find the nuggets of gold that Apple has been working on. With macOS Sonoma now in public beta, the big question is this: should you upgrade your Mac?

Well, this year’s update has been a rather modest one, with few truly standout features. After all, you know it’s an unexceptional update when Apple leads its list of new features in macOS Sonoma with screen savers.

Read more
How macOS Sonoma could fix widgets — or make them even worse
Apple's 15-inch MacBook Air on a desk, with macOS Sonoma running on its display.

At its Worldwide Developers Conference (WWDC) earlier this year, Apple revealed that interactive widgets would be coming to macOS Sonoma. That probably sounds like a tiny new feature, and sure, it’s not as earth-shattering as the Vision Pro announcement. But it could turn out to be one of the most divisive new features in the Mac operating system.

In macOS Sonoma, you’ll be able to plant widgets on your desktop instead of hiding them in the Notification Center. Many widgets will be interactive, letting you tick off to-do list items without opening the widget’s app, for example. And you’ll be able to run iOS widgets right on your desktop, even if that app isn’t installed on your Mac. It’s a pretty comprehensive overhaul. Depending on how well these interactive widgets work, though, we could be left with a bunch of annoying distractions or a set of super-helpful timesavers. The way Apple handles them is going to be vital.
We've been here before

Read more
Will my Mac get macOS 14?
MacOS Sonoma.

MacOS 14 is coming and coming soon, and thanks to Apple's big keynote address at WWDC 2023, we now know what it can do, what it's called, and who can get it. The next generation Mac operating system is codenamed Sonoma, and it's bringing gaming to macOS in a big way, as well as improving video calls, and security. It's going to be available for most modern Mac and MacBook users, but there are some legacy systems that are unfortunately being left out in the cold.

Wondering if your Mac can get macOS 14? Here's everything we know about what Macs are and aren't compatible with Sonoma.

Read more