Apple caught leaking encrypted emails via macOS: Details here
Despite betting big on privacy, Apple hasn't been able to deliver the 'super secure' experience that we all expected. There have been plenty of issues in iOS 13, and now, in another scary case, macOS has joined the list. Multiple reports have indicated that the platform carries a security flaw that has been inadvertently exposing encrypted Apple Mail messages. Here's all you need to know about it.
Encrypted Apple Mail messages exposed through macOS file
Just recently, IT specialist Bob Gendler revealed that macOS has been storing encrypted email messages from Apple Mail inside a database file, called snippets.db, located in the user-level Library folder. The researcher claimed that the file, designed to help Siri suggest information to users, was found holding email messages in plain text (readable without the private key), even when Siri was disabled on the Mac.
Only partial messages are being exposed
While the issue is scary, it's important to note that it doesn't expose complete email messages, only a part of them, and affects only those who are using Apple Mail on macOS to send encrypted emails and have FileVault's whole-drive encryption turned off. Also, the flaw affects only four versions of macOS, from Sierra to the all-new Catalina.
Still, this opens a possibility of attack
Despite affecting a small chunk of users, the issue leaves open the possibility of an attack in which any hacker with physical access to your system, and knowing where to look, can find sensitive email information. This can then result in private information being compromised, including financial details, which often leads to cases of financial fraud and online theft.
Here's what Gendler said about the issue
"This is a big deal for governments, corporations and regular people who use encrypted email and expect the contents to be protected. Secret or top-secret information, which was sent encrypted, would be exposed via this process and database, as would trade secrets and proprietary data."
Apple acknowledged the issue, promised a fix
Meanwhile, Apple has acknowledged the issue, saying it's aware of the bug, which has been exposing select email portions. The company said it will be patching the loophole but didn't provide any specific release timeline. So, for now, you can prevent information exposure by heading over to System Preferences > Siri > Siri Suggestions & Privacy > Mail and disabling "Learn from this app".