A recently discovered flaw in how macOS handles screenshot data could be used to spy on users and what they do on their computers without any notice as to the invasion of privacy.
Allow me a moment to put on my foil hat.
Do you ever get the feeling that you're being watched? That everywhere you go and everything you do is being recorded? With recording devices of all shapes and sizes on virtually every piece of technology we collectively use, it's not inconceivable to feel that we are monitored extensively on the daily.
SEE: Information security policy (Tech Pro Research)
And while there isn't much that can be done about other people's devices trained on us, we can take comfort in protecting our data that is stored on our devices, like our Mac laptops, right? And yet, with complex passwords, data encryption, and even tunneled VPN connections to keep our data from getting into the wrong hands, a flaw in how macOS apps process screenshots can be used to gain access to our password-protected accounts, read email correspondence, or obtain private photos... all silently in the background.
This isn't the work of malware or a maliciously crafted attack from threat actors—it comes down to how developers use the screenshot code that is implemented into many apps for any number of reasons. As of this writing, there aren't any threats that appear to have weaponized this into an attack, though it's only a matter of time before someone devises a way to abuse this privacy loophole.
So how can users protect themselves against this macOS flaw? Felix Krause, the security researcher that detected the flaw, wrote on his security blog, "To my knowledge there is no way to protect yourself as of now." This indicates that addressing this flaw will likely need to come from Apple in a future update.
SEE: Essential reading for IT leaders: 10 books on cybersecurity (free PDF) (TechRepublic)
There is currently no ETA as to when or if Apple will address this privacy issue. In the meantime, you can limit exposure to your private data by only using applications from trusted developers—or, to put it another way, do not install apps from unknown or unsolicited sources.
While the tip above won't necessarily prevent your data from being spied upon, it can narrow the pool of available apps that would have access to it until a proper solution is developed by Apple.
- In security update, Apple backports Meltdown fix to older macOS versions (ZDNet)
- Stupid, stupid macOS security flaw grants admin access to anyone (ZDNet)
- Video: These are the major cyber-threats to the MacOS environment (TechRepublic)
- 4 steps all Mac users should take to secure their data (TechRepublic)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
Do you cover your webcams with tape or disable your microphone when not in use? What are some of your best out-of-the-box tips to ensure your privacy while using computers? Please share them in the comments section.