NSEvent global monitor should require user consent

Originator: keithbsmiley
Number: rdar://27516321
Date Originated: 24-Jul-2016 13:43
Status: Open
Resolved:
Product: OS X SDK
Product Version: OS X 10.11.5
Classification: Security
Reproducible: Always
 
Summary:
Currently any application can, without warning, call `NSEvent.addGlobalMonitorForEventsMatchingMask` to capture any type of event it desires anywhere on the system. There is no way to know which apps are doing this or what information they are capturing. This includes every single keyDown event together with the key that was pressed, meaning an app can silently build a functional keylogger (with the exception of secure text fields).

Steps to Reproduce:
1) Register a monitor with `NSEvent.addGlobalMonitorForEventsMatchingMask(.KeyDownMask)` (or any other mask you would like).

Expected Results:
You are prompted by OS X to allow the application to use this monitor.

Actual Results:
If you begin behaving as normal on your machine, you can see that your monitor callback is fired with every single keyDown event, along with the key that was pressed.

Version:
OS X 10.11.5

Notes:
- I believe there are some consumers of this API that are using it because of the lack of alternatives to achieve things such as idle timers (rdar://26886501); in these cases an alternative, more secure API should be provided.
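The idle-timer case mentioned in the note can be served without a global event monitor at all. As an added example (not part of the radar), the program below polls CoreGraphics' `CGEventSourceSecondsSinceLastEventType`, which reports only the time elapsed since the last input and never exposes which keys were pressed; the 5 s threshold and the 1 s poll interval are constructed values.

```objective-c
// Added example, not code from the radar: an idle timer that never sees
// event contents. CGEventSourceSecondsSinceLastEventType returns only the
// seconds since the last input of a given type, so no NSEvent global
// monitor is registered and no key values reach this process.
// Build: clang -framework Foundation -framework CoreGraphics idle.m -o idle
#import <Foundation/Foundation.h>
#import <CoreGraphics/CoreGraphics.h>
#include <unistd.h>

// Seconds of inactivity after which the user counts as idle (constructed).
static const CFTimeInterval kIdleThreshold = 5.0;

// Seconds since any keyboard or mouse input in the current login session.
static CFTimeInterval secondsSinceLastInput(void) {
    return CGEventSourceSecondsSinceLastEventType(
        kCGEventSourceStateCombinedSessionState, kCGAnyInputEventType);
}

int main(void) {
    @autoreleasepool {
        BOOL idle = NO;
        for (;;) {
            CFTimeInterval elapsed = secondsSinceLastInput();
            // Report each idle/active transition once, not on every poll.
            if (!idle && elapsed >= kIdleThreshold) {
                idle = YES;
                NSLog(@"user idle for %.0f s", elapsed);
            } else if (idle && elapsed < kIdleThreshold) {
                idle = NO;
                NSLog(@"user active again");
            }
            sleep(1);  // poll interval (constructed)
        }
    }
    return 0;
}
```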
