Apple has released iOS 17.2.1 and macOS Sonoma 14.2.1. Notably, the latter includes a patch for a screen sharing vulnerability that can show others content from random “Spaces” on your Mac even when your desktop looks empty. Here are the details.
Apple shared a general description of the flaw and fix in a post on its Security Updates page:
Impact: A user who shares their screen may unintentionally share the incorrect content
Description: A session rendering issue was addressed with improved session tracking.
Craig Hockenberry, founder of Iconfactory, said he discovered the bug and reported it to Apple in the middle of November. He shared his findings in a Mastodon post:
Pro tip: Don’t use Screen Sharing in macOS Sonoma 14.2.
It shares random windows in other Spaces with whoever is on the other end of the line. If you think your desktop is completely empty, it isn’t.
As you can see below, this could range from embarrassment to leaking private data.
I reported this about a month ago (FB13398611) and can’t believe it shipped. Same with the window manager bug in 14.1. I liked macOS better when point releases weren’t full of breaking changes without workarounds.
No CVE entries were included with iOS 17.2.1 or iOS 16.7.4, both of which launched today. There were also no other Mac updates for those running Ventura or earlier, so it appears this flaw was limited to macOS Sonoma.