Safari Exploit Allows Controlling Any MacBook Pro

A very interesting Safari exploit was recently demonstrated at the Pwn2Own IT security convention, allowing the Touch Bar of a MacBook Pro to be controlled. Last year the same researcher exploited Safari in a similar way to control the Touch Bar of the MacBook Pro, and from there other functions of the Mac could be controlled.

The exploit was so good that the researcher who discovered it received a prize worth 65,000 dollars, and Apple got rid of a serious headache. Safari is the default browser of macOS, and exploiting it to control various functions of a Mac is something that Apple must prevent, even if some exploits are not published.

"The final attempt on Day One saw Samuel Groß of phoenhex targeting Apple Safari with a macOS kernel EoP. Last year, his exploit involved a touchbar component, and this year proved to be no different. He used a combination of a JIT optimization bug in the browser, a macOS logic bug to escape the sandbox, and finally a kernel overwrite to execute code with a kernel extension to successfully exploit Apple Safari. This chain earned him $65,000 and 6 points towards Master of Pwn. Similar to last year, he left a message for us on the touchbar once he was complete."

Separately, another exploit found in macOS through the Google Chrome Remote Desktop application allows taking over administrator rights in Apple's operating system. A hacker who gets this access can take control of any other user account and so can see any kind of information he wants from that Mac, without being stopped by anyone.

Everything works without a password being requested at any time, and Google has been warned about this problem discovered in its application. The interesting part is that Google does not want to fix the vulnerability, because it has no interest in doing so, so users of that application are vulnerable to hackers.

"What is expected to happen is that the local user that connects remotely to a macOS machine will receive the desktop of a 'Guest'. But while this is what appears in the remote machine, the local machine (the Chrome extension) receives the desktop of the other active user session, which in this case is an admin on the system, without ever entering the password."