Mac Feature Can Be Hijacked to Spy on Users
Security researcher Felix Krause has discovered a macOS vulnerability that allows cybercriminals to take screenshots of the screen activity and then turn to apps featuring OCR to read the text.
In an analysis on his blog, Krause explains that the CGWindowListCreateImage function can be abused by any Mac app, no matter if it’s sandboxed or not, to take screenshots of the screen without users knowing about it, even when the app itself is running in the background.
The researcher says a potential attacker could get access to all connected monitors, and could eventually be able to read passwords and keys from apps like password managers.
Needless to say, all the other data is exposed as well, including here email messages and personal information, like bank details and contact data. The information in the screenshots cybercriminals take can be automatically extracted with OCR s… (read more)