A vulnerability discovered in the MacOS version of Apple Mail jeopardizes the security of pseudo-encrypted messages, but Apple said a fix is on the way.
The vulnerability, shared by Apple-focused IT expert Bob Gendler, was found in the four latest MacOS versions. These versions include Catalina, Mojave, High Sierra and Sierra. Bob Gendler found macOS database files containing information from Apple Mail and then used them to make suggestions by digital assistant Siri. Unfortunately, one of the files, snippets.db, kept unencrypted text of emails.
Only a small number of people are affected. Users can send encrypted emails from Apple Mail in MacOS Sierra to macOS Catalina, which does not have encryption enabled with FileVault. Anyone who wants to read unencrypted e-mails also needs to know and access exactly where the information is stored in the computer’s system files.
The risk for users affected by this vulnerability is enormous. Encrypted emails are protected to keep confidential information secure. Therefore, it is very likely that those whose confidential information is revealed will be in danger. “This raises the question of what else can be viewed and hiding in a potentially inappropriate way, G Gendler said.
Apple is preparing to fix the problem
Apple is aware of the problem and said the fix is on the way with a future software update. However, Gendler, the subject reported on July 29, but Apple did not respond until November 5 said.
While waiting for the flaw to be corrected, a recommended solution is to disable the Learn from This Application option under Mail in the Siri Suggestions and Privacy menu in Siri’s System Preferences section. This is only a workaround because it only stops new emails from being included in the compromised snippets.db file.
After upgrading to the latest version of macOS, the encryption vulnerability also tracks macOS Catalina’s Apple Mail application’s missing or incomplete messages, as well as another problem with messages that are emptied after moving between mailboxes. After upgrading iPhones to iOS 13, similar problems arose.