Skip to main content

Apple Mail on MacOS flaw leaves supposedly encrypted messages unprotected

A vulnerability that was discovered on the macOS version of Apple Mail is compromising the security of supposedly encrypted messages, but Apple said a fix is on the way.

Recommended Videos

The flaw, which was shared by Apple-focused IT specialist Bob Gendler, was found on the four most recent MacOS releases, namely Catalina, Mojave, High Sierra, and Sierra. He found macOS database files that include information from Apple Mail, which is then utilized by digital assistant Siri to make suggestions. Unfortunately, one of the files, named snippets.db, is storing the unencrypted text of the emails.

Please enable Javascript to view this content

Only a small number of people are affected by the issue. The user needs to be sending encrypted emails from Apple Mail on macOS Sierra to macOS Catalina, with FileVault not activated to encrypt the entire system. The person who wants to read the unencrypted emails will also need to know exactly where the information is stored in the computer’s system files and will need to have access to it.

However, for the affected users, the risk is massive. Encrypted emails are protected for a reason, such as to keep confidential information safe, so any chance that they may be compromised is a big deal.

“It brings up the question of what else is tracked and potentially improperly stored without you realizing it,” Gendler said.

Apple is aware of the issue and said that a fix is on the way through a future software update. Gendler, however, noted that he reported the issue on July 29, but Apple did not respond until November 5.

While waiting for the flaw to be patched, a suggested workaround is to disable the Learn from this App option under the Mail option of the Siri Suggestions & Privacy menu, which is found in Siri’s section in System Preferences. This is just a temporary solution though, as it only stops new emails from being included in the compromised snippets.db file.

The encryption vulnerability follows another issue with macOS Catalina’s Apple Mail app, specifically missing or incomplete messages after upgrading to the latest macOS release, as well as messages going blank after moving them between mailboxes. Similar problems also appeared after upgrading iPhones to iOS 13.

Aaron Mamiit
Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…
I’d never use a Mac without first changing these 8 security settings
Security and Privacy settings open on a MacBook.

If you’ve got one of the best MacBooks or Macs, the chances are good that you do an awful lot of sensitive stuff on your computer. Think about all the passwords you enter, the emails you send and receive, and the documents you create -- all of those can provide a treasure trove of data to any sticky-fingered ne’er-do-wells who manage to gain access to your device.

To prevent the worst from happening, it’s a good idea to beef up your Mac security. The good news is that doing so is far easier than you might think, and there are a handful of macOS settings you can change right now to keep your Mac -- and all the information it holds about you -- safe from prying eyes.

Read more
A new malware threat to macOS adds to the data-stealing surge
Apple MacBook Pro 16 downward view showing keyboard and speaker.

If you still think Macs are inherently safe from malware, think again.

Mac users have another threat to worry about. Cthulhu Stealer, a new Mac malware threat, tries to steal sensitive data such as passwords and cryptocurrency wallets, Cado Security reports in a blog post. The malware threat disguises itself as authentic software to gather login credentials.

Read more
I finally tried Apple Intelligence in macOS Sequoia to see if it lived up to the hype
The redeisgned Siri user interface in macOS Sequoia.

For the last few years, Apple’s macOS releases have been interesting, if not particularly exciting. But that’s all set to change this year with the launch of macOS Sequoia, and it’s all thanks to one feature: Apple Intelligence.

Apple’s artificial intelligence (AI) platform has the potential to completely change how you use your Mac on a daily basis. From generating images, rewriting emails, and summarizing your audio recordings to revamping Siri into a much more capable virtual assistant, Apple Intelligence could be the most significant new macOS feature in years.

Read more