Sandboxed Mac apps can take screenshots of the full screen
Originator: KrauseFx
Number: rdar://37423927
Date Originated: February 10 2018
Status: Open
Resolved:
Product:
Product Version:
Classification:
Reproducible: Always
Area: App Sandbox

Summary:
Any Mac app, sandboxed or not sandboxed, can:
- Take screenshots of your Mac silently without you knowing
- Access every pixel, even if the Mac app is in the background
- Use basic OCR software to read the text on the screen

Steps to Reproduce:
1. Create a new Mac project
2. ```objective-c
   CGImageRef screenShot = CGWindowListCreateImage(CGRectInfinite, kCGWindowListOptionOnScreenOnly, kCGNullWindowID, kCGWindowImageDefault);
   NSBitmapImageRep *bitmapRep = [[NSBitmapImageRep alloc] initWithCGImage:screenShot];
   ```
3. See the full screen of the user in the `bitmapRep` variable

Expected Results:
This shouldn't be possible for sandboxed Mac applications, without extra permission.

Actual Results:
Any Mac app can read the content of the whole screen, making it easy to parse the text using basic OCR software.

Version/Build:
Xcode 9.1

Configuration: