• Home
  • macOS
  • News
  • Security
  • Apple Has a Fix on the Way for macOS Mail Vulnerability That Leaves Text of Some Encrypted Emails Readable

Apple Has a Fix on the Way for macOS Mail Vulnerability That Leaves Text of Some Encrypted Emails Readable

Apple Has a Fix on the Way for macOS Mail Vulnerability That Leaves Text of Some Encrypted Emails Readable

A vulnerability has been discovered in the macOS version of the Apple Mail app which leaves some of the text in an encrypted email unencrypted. Apple says it will address the vulnerability in a future software update.

IT specialist Bob Gendler (via The Verge) says the snippets.db database file used by a macOS function that offers up contact suggestions stores encrypted emails in an unencrypted format, even when Siri is disabled on the Mac.

Gendler discovered the bug on July 29 and reported it to Apple. During the next several months, Apple said it was investigating the issue, but no fix was forthcoming. The vulnerability is present in macOS Catalina, and versions of macOS dating back to Sierra.

Let me say that again… The snippets.db database is storing encrypted Apple Mail messages…completely, totally, fully — UNENCRYPTED — readable, even with ‌Siri‌ disabled, without requiring the private key. Most would assume that disabling ‌Siri‌ would stop macOS from collecting information on the user. This is a big deal.

This is a big deal for governments, corporations and regular people who use encrypted email and expect the contents to be protected. Secret or top-secret information, which was sent encrypted, would be exposed via this process and database, as would trade secrets and proprietary data.

When contacted by The Verge, Apple said it has been made aware of the issue and will address it in a future software update. Apple also noted that only portions of some emails are stored, and that it had provided Gendler with instructions on preventing data from being stored by the snippets database.

While serious, the issue affects a limited number of users in real world situations, as it requires users to be using macOS and the Apple Mail app to send encrypted emails. It does not impact users who have FileVault turned on, and an inquisitive type would need to know where in Apple’s system files to look and have physical access to a machine.

However, the vulnerability, in Gendler’s words “brings up the question of what else is tracked and potentially improperly stored without you realizing it.”

Users that want to stop emails from being collected in snippets.db right now, can do so by going to “System Preferences” -> “Siri” -> “Siri Suggestions & Privacy” -> “Mail” and toggling off “Learn from this App.” This will prevent new emails from being added to snippets.db, but won’t remove those that have already been included.

Customers who want to avoid unencrypted snippets being read by other apps can avoid giving apps full disk access in ‌macOS Catalina‌. Turning on FileVault will also encrypt everything on the Mac.

Full details on the vulnerability are available in Gendler’s Medium article.

(Image via Bob Gendler)

  1. 205221 197977Spot on with this write-up, I truly suppose this internet site needs significantly a lot more consideration. probably be once more to learn way much more, thanks for that information. 85954

  2. 637137 518644Id really should speak to you here. Which is not some thing I do! I quite like reading a post which will make folks believe. Also, numerous thanks permitting me to comment! 539233

  3. benelli r1 says:

    718386 919398Outstanding post, I think blog owners should larn a great deal from this internet site its rattling user friendly . 641474

  4. Excellent weblog publish. I Totally enjoy This page. Many thanks!

  5. Hey There. I uncovered your weblog the use of msn. That is definitelya very neatly published report. I’ll be sure youbookmark it and return to browse far more of the handy data.Many thanks with the post. I will certainly return.

  6. bjur sso says:

    Thank you, I have just been searching for information approximately this topic for ages and yours is the best I have discovered so far. However, what about the bottom line? Are you positive about the supply?

  7. Hey, thanks for the blog article.Thanks Again. Fantastic.

  8. I think this is a real great blog article. Awesome.

  9. Really informative blog article.Really looking forward to read more. Awesome.

  10. I think this is a real great blog article.Thanks Again. Much obliged.

  11. You have brought up a very excellent points, appreciate it for the post.Here is my blog post freeholmes.com

  12. What’s Happening i’m new to this, I stumbled upon this I have discovered It positively helpfuland it has helped me out loads. I hope to contribute & help different customerslike its aided me. Good job.

  13. Great article post. Really Cool.

  14. I truly appreciate this blog article.Really thank you! Much obliged.

  15. Candles says:

    Fantastic blog post.Really thank you! Will read on…

  16. A big thank you for your article.Much thanks again.

  17. Thank you for your post. Cool.

  18. I am so grateful for your blog. Awesome.

  19. Manhattan says:

    Looking forward to reading more. Great blog.Thanks Again. Fantastic.

  20. see says:

    Strauss, a former film marketer, acknowledges that Disney+ is beginning modest when it comesto originals and will ramp up over time.

  21. Thanks for the article post.Really thank you! Fantastic.

  22. Very informative blog. Great.

  23. Thank you for your blog post.Thanks Again. Really Cool.

  24. Awesome article post.Really looking forward to read more. Much obliged.

  25. A round of applause for your article.Much thanks again. Really Cool.

  26. Appreciate you sharing, great article post.Really looking forward to read more. Awesome.

  27. This is one awesome blog post.Much thanks again. Really Great.

  28. ssstiktok says:

    Really informative article post.Really looking forward to read more. Great.

  29. chord gitar says:

    I am so grateful for your article post. Much obliged.

  30. I appreciate you sharing this article.Much thanks again. Great.

  31. I really like and appreciate your blog. Great.

  32. Hey, thanks for the post.Much thanks again.

  33. I cannot thank you enough for the article.Really thank you! Really Great.

  34. Im grateful for the blog article.Really looking forward to read more. Fantastic.

  35. Heya i am for the first time here. I came across this board and I find It truly useful & it helped me out much. I hope to give something back and aid others like you helped me.

  36. Thanks for the blog.Really thank you!

  37. Muchos Gracias for your article.Really thank you! Awesome.

  38. Very informative blog.Really looking forward to read more. Cool.

  39. Strap On says:

    Thanks a lot for the blog post.Really thank you! Really Great.

  40. This is a very good tip particularly to thosefresh to the blogosphere. Brief but very accurate information… Thanks for sharing this one.A must read post!

  41. Thanks-a-mundo for the article.Really thank you! Want more.

  42. Say, you got a nice blog.Thanks Again. Great.

  43. Very informative blog post.Thanks Again. Really Cool.

  44. An interesting discussion is definitely worth comment. I do think that you need to publish more about this subject matter, it might not be a taboo subject but generally people do not speak about such topics. To the next! Cheers!!

  45. Hey, thanks for the blog article.Really thank you! Much obliged.

  46. Frank Keller says:

    This is one awesome article post.Really thank you! Really Great.

  47. I loved your article post.Really thank you! Want more.

  48. Thanks for sharing, this is a fantastic post.Really looking forward to read more. Much obliged.

  49. I value the blog article.Much thanks again. Cool.

  50. I truly appreciate this article.Thanks Again. Cool.

  51. Thank you for your blog article.Thanks Again. Awesome.

  52. Say, you got a nice post.Much thanks again.

  53. Very good article.Really thank you! Really Great.

  54. Im grateful for the blog.Really thank you! Fantastic.

  55. Appreciate you sharing, great article post.Really looking forward to read more. Want more.

Leave a Reply

Your email address will not be published. Required fields are marked *