I’m exploring the RFB protocol used by VNC connections on macOS. In the initial part of the handshake, as described in the spec, the server returns a list of security types it supports. Connecting to my iMac running macOS 10.15.6, I get the following list: 30, 33, 36, 35. Looking at the IANA registrations for this protocol, 30-35 are assigned to Apple, and 36 is “Unassigned.”
Are there any publicly-available resources to understand the security implementation of the built-in VNC server on macOS? I see a blog post about it from 2011 (I can’t add the link here for some reason), but nothing newer and I suspect the authentication methods have improved since then.
Are there any publicly-available resources to understand the security implementation of the built-in VNC server on macOS? I see a blog post about it from 2011 (I can’t add the link here for some reason), but nothing newer and I suspect the authentication methods have improved since then.