Researchers found a total of 37 security vulnerabilities impacting four open-source Virtual Network Computing (VNC) implementations and present for the last 20 years, since 1999.
The flaws were found in LibVNC, TightVNC 1.X, TurboVNC, and UltraVNC VNC solutions examined by Kaspersky's Industrial Systems Emergency Response Team (ICS CERT) security researcher Pavel Cheremushkin — the highly popular RealVNC as not analyzed because it did not allow reverse engineering.
These VNC systems can be used on a wide range of operating systems including but not limited to Windows, Linux, macOS, iOS, and Android.
A VNC implementation consists of two parts, a client and a server, allowing the users to remotely access a machine running the VNC server with the help of a VNC client using the RFB protocol to transmit "screen images, mouse movement and keypress events".
