Dark Mode
Capec-498 Detail
Probe iOS Screenshots
Detailed Software
Parents: 545
An adversary examines screenshot images created by iOS in an attempt to obtain sensitive information. This attack targets temporary screenshots created by the underlying OS while the application remains open in the background.
These images are used by iOS to aid in the visual transition between open applications and improve the user's experience with a device. An application can be at risk even if it properly protects sensitive information when at rest. If the application displays sensitive information on the screen, then the potential exists for iOS to unintentionally record that information in an image file. An adversary can retrieve these images either by gaining access to the image files, or by physically obtaining the device and leveraging the multitasking switcher interface. This attack differs from CAPEC-648, which targets intentional screenshots initiated by an end-user that are stored in the device's storage.
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-498 | capec | https://capec.mitre.org/data/definitions/498.html | |
| CWE-359 | cwe | http://cwe.mitre.org/data/definitions/359.html | |
| REF-426 | reference_from_CAPEC | Jonathan Zdziarksi, Hacking and Securing iOS Applications (First Edition), 2012, O'Reilly Media, Inc. |
Not present
- This type of an attack requires physical access to a device to either excavate the image files (potentially by leveraging a Jailbreak) or view the screenshots through the multitasking switcher (by double tapping the home button on the device).
Not present
Not present
Not present
Not present