Article 4TZP2 Apple Will Fix macOS Flaw Exposing Portions of Encrypted Emails

Apple Will Fix macOS Flaw Exposing Portions of Encrypted Emails

by
Fnord666
from SoylentNews on (#4TZP2)

upstart writes:

Submitted via IRC for Runaway1956

Apple will fix macOS flaw exposing portions of encrypted emails

Apple is touting its claimed privacy advantage more than ever, but that's not entirely true for Mac users at the moment. The company tells Engadget it will fix a macOS flaw that leaves portions of encrypted Mail messages unprotected. Bob Gentler has discovered that a database file used by Siri (snippets.db) was storing text from emails that were otherwise supposed to be protected -- even if you remove the private key that prevents you from reading the app in Mail. While it's not the full message, it could still pose problems if a hacker has access to your system and is trawling for sensitive info.

The vulnerability exists in at least the last four versions of macOS, ranging from Sierra to Catalina.

This isn't as glaring a flaw as it sounds. To be vulnerable, you'd have to use Mail, send encrypted messages from Mail and leave FileVault's whole-drive encryption turned off. If you rely on a third-party email client or use FileVault, you're not affected. You can also remove Mail from snippets.db by going to System Preferences > Siri > Siri Suggestions & Privacy > Mail and switching off the "learn from this app" option. It's not clear when the patch will be ready, but you won't have to stay exposed in the meantime.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments