MacBook bug could allow hackers to access your account WITHOUT a password

Posted on March 19, 2018.

The bug, which was flagged by Check Point Research, means that hackers could easily access your account, without even needing a password

A worrying new bug has been discovered in the Mac version of the Google Chrome Remote Desktop application.

The bug, which was flagged by Check Point Research , means that hackers could easily access your account, without even needing a password.

The Google Chrome Remote Desktop app is an extension for the Chrome browser designed to let you access your computer from another desktop or smartphone.

But according to Check Point Research, a bug within Apple ’s MacOS operating system allows hackers to login as a guest and access the desktop of an active user, without entering a password.

The main account holder must have guest access enabled for it to work.

A spokesperson for Check Point Research said: “To exploit this bug, once a Guest user connects to a remote desktop machine, the machine should have at least one active user in session.

“In the login screen, a user then clicks on the ‘Guest’ icon and, since a guest does not require a password, the system will proceed.

“What is expected to happen is that the local user that connects remotely to a macOS machine will receive the desktop of a ‘Guest.

“But while this is what appears in the remote machine, the local machine (the Chrome extension) receives the desktop of the other active user session, which in this case is an admin on the system, without ever entering the password.”

While Check Point Research has reported the issue to Google, the firm says it doesn’t plan to fix it, because ‘the login screen is not a security boundary.’

Mirror Online has contacted Google for comment.

Source: mirror