Title

The macOS system must disable the Screen Sharing feature. (Cat II impact)

Discussion

The Screen Sharing feature allows remote users to view or control the desktop of the current user. A malicious user can take advantage of screen sharing to gain full access to the system remotely, either with stolen credentials or by guessing the username and password. Disabling Screen Sharing mitigates this risk.

Check Content

Verify the macOS system is configured to disable the Screen Sharing feature with the following command: /usr/bin/sudo /bin/launchctl print-disabled system | /usr/bin/grep com.apple.screensharing "com.apple.screensharing => disabled" If "com.apple.screensharing" is not set to "disabled", this is a finding.

Fix Text

Configure the macOS system to disable the Screen Sharing service with the following command: /usr/bin/sudo /bin/launchctl disable system/com.apple.screensharing The system may need to be restarted for the update to take effect.

Additional Identifiers

Rule ID: SV-257213r905272_rule

Vulnerability ID: V-257213

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.