macOS Mail App Vulnerability Makes Some Encrypted Email Unencrypted
It was curiosity that triggered Bob Gendler, a specialist in Apple IT, to come across a surprising discovery. Writing on Medium, the specialist detailed how he was able to discover a ‘suggestions’ folder containing multiple files. He later found out that there is vulnerability on the macOS Mail app that provides a way for users to read encrypted emails in plain text database.
It appears that the Cupertino-based tech giant is also aware of the issue and is currently working on a fix. The snippets.db database file is utilized by macOS function that stores mail and details contact suggestions in an unencrypted format. What Gendler discovered is a vulnerability that allows someone to read a part of any encrypted emails.
At first, Gendler uncovered the macOS Mail app bug in Jul. 29, 2019, and immediately reported it to Apple. In a report by The Verge, Apple shared that it is currently looking over ‘the who’ scenario, but as of the moment, it has no fix for the bug yet. Additionally, the macOS Mail app bug fix will resolve the noted issue in a future software update, revealed Apple.
But, as of late, the macOS Mail app vulnerability still exists in the latest macOS Catalina. Apple said that the issue involves storing snippets of emails and detailed instructions on how to prevent data from being gathered by the snippets database. While this issue is something that general users must be worried about, for the entire operation to be successful, the user must be using the macOS Mail app to deliver encrypted emails.
Surprisingly, the macOS Mail app issue does not seem to affect those with FileVault activated. However, the greater question about this issue is what else is tracked and possibly improperly stored without the user realizing it, Gendler pointed out. If you are someone concerned by this kind of issue, there is a fix to the macOS mail app vulnerability.
First, go to System preferences, choose Siri Action, and find Siri Suggestions and Privacy. Select Mail and turn off the Learn From This App. This all you have to do to make sure that your emails are not being added on the snippets database. Apple also said that users could also avoid giving apps full disk access in the latest macOS Catalina update.
© Copyright IBTimes 2024. All rights reserved.