How does iOS app Display Recorder record the screen without using private API? - transpute
http://stackoverflow.com/questions/11090184/how-does-the-ios-app-display-recorder-record-the-screen-without-using-private-ap

======
transpute
From the SO post, "it is using IOSurface to sneak past sandbox restrictions to
have raw screen access."

From iOS 8.2 security updates:

    Impact: A malicious application may be able to execute
    arbitrary code with system privileges

    Description: A type confusion issue existed in IOSurface's
    handling of serialized objects. The issue was addressed
    through additional type checking.

    CVE-2015-1061 : Ian Beer of Google Project Zero


If any app can escape sandbox restrictions on screen recording (by
dynamically linking to a private API), can it escape other sandbox
restrictions, e.g. key recording?
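The mechanism the comment refers to, an app linking against a private framework such as IOSurface, leaves a static trace in the binary's Mach-O load commands. The script below is an added example (not code from the Stack Overflow post or from the Display Recorder app) that parses a thin little-endian Mach-O, lists every `LC_LOAD_DYLIB`/`LC_LOAD_WEAK_DYLIB`/`LC_REEXPORT_DYLIB` install path, and flags paths under `/System/Library/PrivateFrameworks/`. The sample binary is constructed in memory so it runs offline; the IOSurface path in it is a hypothetical fixture, not taken from any real app.

```python
"""Flag private-framework links in a Mach-O image's load commands.

Added example, not code from the post or the app it discusses.
Assumes a thin (non-fat) little-endian Mach-O; the sample image below is
constructed in memory so the script runs without any real binary.
"""
import struct

MH_MAGIC = 0xFEEDFACE       # 32-bit Mach-O, 28-byte header
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit Mach-O, 32-byte header
LC_LOAD_DYLIB = 0x0C
LC_LOAD_WEAK_DYLIB = 0x80000018
LC_REEXPORT_DYLIB = 0x8000001F
DYLIB_CMDS = {LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB}

PRIVATE_PREFIX = "/System/Library/PrivateFrameworks/"


def linked_dylibs(data: bytes) -> list:
    """Return the install paths of every dylib the image links against."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == MH_MAGIC_64:
        header_size = 32
    elif magic == MH_MAGIC:
        header_size = 28
    else:
        raise ValueError("not a thin little-endian Mach-O (fat/big-endian not handled here)")
    # ncmds and sizeofcmds sit at offsets 16 and 20 in both header layouts.
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    end = header_size + sizeofcmds
    paths = []
    off = header_size
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        # Bounds-check before trusting cmdsize: a hostile image can lie here.
        if cmdsize < 8 or off + cmdsize > end or off + cmdsize > len(data):
            raise ValueError("malformed load command size")
        if cmd in DYLIB_CMDS:
            # dylib_command: cmd, cmdsize, then lc_str offset of the name
            name_off, = struct.unpack_from("<I", data, off + 8)
            if name_off < 8 or name_off >= cmdsize:
                raise ValueError("dylib name offset outside its command")
            raw = data[off + name_off: off + cmdsize]
            paths.append(raw.split(b"\0", 1)[0].decode("utf-8", "replace"))
        off += cmdsize
    return paths


def private_framework_links(data: bytes) -> list:
    """Dylib paths that live under the private frameworks directory."""
    return [p for p in linked_dylibs(data) if p.startswith(PRIVATE_PREFIX)]


def build_sample_macho(dylibs) -> bytes:
    """Constructed 64-bit arm64 MH_EXECUTE image holding only LC_LOAD_DYLIB commands."""
    cmds = b""
    for path in dylibs:
        name = path.encode() + b"\0"
        # name offset 24 (8 bytes cmd header + 16 bytes dylib struct), timestamp,
        # current_version, compatibility_version, then the NUL-terminated path
        body = struct.pack("<IIII", 24, 2, 0x10000, 0x10000) + name
        body += b"\0" * (-len(body) % 8)  # 64-bit load commands are 8-byte aligned
        cmds += struct.pack("<II", LC_LOAD_DYLIB, 8 + len(body)) + body
    header = struct.pack("<IIIIIIII", MH_MAGIC_64, 0x0100000C, 0, 2,
                         len(dylibs), len(cmds), 0, 0)
    return header + cmds


# Constructed fixture: two ordinary links plus one hypothetical private-framework link.
SAMPLE = build_sample_macho([
    "/usr/lib/libSystem.B.dylib",
    "/System/Library/Frameworks/UIKit.framework/UIKit",
    "/System/Library/PrivateFrameworks/IOSurface.framework/IOSurface",
])

if __name__ == "__main__":
    for path in private_framework_links(SAMPLE):
        print("private framework linked:", path)
```

This is only the static half of the check: an app that resolves private symbols at runtime with `dlopen`/`dlsym` leaves no `LC_LOAD_DYLIB` entry, so a reviewer would also want to look at string references and imported symbols. Fat (multi-architecture) images need to be sliced into thin Mach-Os first; this script deliberately refuses them rather than misparse.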

