Any Mac app can record your screen at any time without your knowledge, according to Felix Krause, founder of fastlane.
Krause says that any Mac app, sandboxed or not, has the ability to take screenshots of your screen silently without you knowing, accessing every pixel of all displays even if the app is in the background. Those images can then be fed through OCR software to read the text on the screen.
What’s the worst that could happen? ● Read password and keys from password managers ● Detect what web services you use (e.g. email provider) ● Read all emails and messages you open on your Mac ● When a developer is targeted, this allows the attacker to potentially access sensitive source code, API keys or similar data ● Learn personal information about the user, like their bank details, salary, address, etc.
To do this, a Mac developer simply needs to use CGWindowListCreateImage to generate a capture of the complete screen.
Krause has filed a radar to notify Apple about the issue. Please follow iClarified on Twitter, Facebook, or RSS for updates.
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (9)
Comments are closed for this article.
0
mmexus - February 12, 2018 at 3:27pm
To prevent these routines is now APPLE's turn ...
... or does anyone have the desire / an idea to write a small app to uncover the described functions and then delete the septic program?!?
0
Sabtain Aziz - February 11, 2018 at 7:53am
Not being funny or taking Apple’s side but if there was a app detailing all the vulnerabilities found in Windows OS daily it will be a lot more than Mac OS The only difference is a vulnerability found in Mac OS is made breaking news
0
iAmMe - February 11, 2018 at 6:14am
And windows doesn’t? LOL. I’m a developer and it’s pretty much a standard access of any app. Also passwords doesn’t show password unless you click on the show password and besides, it all comes down to “install only the apps you trust.” LOL
0
iAmMe - February 11, 2018 at 6:15am
*password managers doesn’t show passwords by default.
0
iAmMe - February 11, 2018 at 6:16am
And BTW, they can also read clipboard contents. Lol
0
Crock - February 12, 2018 at 7:14pm
Not any Mac app from App Store. Only 3rd party Mac app downloaded from websites so get your story straight
0
iAmMe - February 13, 2018 at 1:13am
LOL. Search for Screen Capture Tool on the Mac AppStore...
![Apple Delays Major Siri AI Upgrade as Testing Reveals Performance Snags [Report]](/images/news/99906/99906/99906-160.jpg "Apple Delays Major Siri AI Upgrade as Testing Reveals Performance Snags [Report]")
![Apple Releases macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 [Download]](/images/news/99905/99905/99905-160.jpg "Apple Releases macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 [Download]")
![Apple Releases iOS 18.7.5 and iPadOS 18.7.5 for Older Devices [Download]](/images/news/99903/99903/99903-160.jpg "Apple Releases iOS 18.7.5 and iPadOS 18.7.5 for Older Devices [Download]")
![Apple Officially Releases macOS Tahoe 26.3 [Download]](/images/news/99901/99901/99901-160.jpg "Apple Officially Releases macOS Tahoe 26.3 [Download]")
![Original AirTag Drops to All-Time Low Price of $17 [Deal]](/images/news/99856/99856/99856-160.jpg "Original AirTag Drops to All-Time Low Price of $17 [Deal]")
![iPad Air (M3) Drops to Lowest Price of the Year at $489.99 [Deal]](/images/news/99843/99843/99843-160.jpg "iPad Air (M3) Drops to Lowest Price of the Year at $489.99 [Deal]")
![Beats Powerbeats Pro 2 Drop to $199.95 [Deal]](/images/news/99815/99815/99815-160.jpg "Beats Powerbeats Pro 2 Drop to $199.95 [Deal]")
![Apple Watch Series 11 Drops Back to All-Time Low of $299 [Deal]](/images/news/99283/99283/99283-160.jpg "Apple Watch Series 11 Drops Back to All-Time Low of $299 [Deal]")
![Apple AirPods 4 With Active Noise Cancellation Drop to $119 [Deal]](/images/news/99794/99794/99794-160.jpg "Apple AirPods 4 With Active Noise Cancellation Drop to $119 [Deal]")
