Remote desktop certainly lets a miscreant in.
Looking at the description, I'm pretty confident that this also lets in all forms of remote access that use macOS accounts to authenticate.
Not a member of The Register?
Create a new account
Remember me on this computer?
The Register - Independent news and views for the tech community. Part of Situation Publishing
Join our daily or weekly newsletters, subscribe to a specific section or set News alerts
Biting the hand that feeds IT © 1998–2019