Felix Krause, founder of fastlane.
Krause says that any Mac app, sandboxed or not, has the ability to take screenshots of your screen silently without you knowing, accessing every pixel of all displays even if the app is in the background. Those images can then be fed through OCR software to read the text on the screen.
What’s the worst that could happen?
● Read password and keys from password managers
● Detect what web services you use (e.g. email provider)
● Read all emails and messages you open on your Mac
● When a developer is targeted, this allows the attacker to potentially access sensitive source code, API keys or similar data
● Learn personal information about the user, like their bank details, salary, address, etc.
To do this, a Mac developer simply needs to use CGWindowListCreateImage to generate a capture of the complete screen.
Krause has filed a radar to notify Apple about the issue. Please follow iClarified on Twitter, Facebook, Google+, or RSS for updates.