Catalin Cimpanu, writing for BleepingComputer: Malicious app developers can secretly abuse a macOS API function to take screenshots of the ’s screen and then use OCR (Optical Character Recognition) to programmatically read the text found in the image. The function is CGWindowListCreateImage, often utilized by Mac that take screenshots or live stream a ’s desktop. According to Fastlane Tools founder Felix Krause, any Mac app, sandboxed or not, can access this function and secretly take screenshots of the ’s screen. Krause argues that miscreants can abuse this loophole and utilize CGWindowListCreateImage to take screenshots of the screen without the user’s permission.

Share on Google+

Read more of this story at Slashdot.