МacOS flaw exposes portions of encrypted emails2019-11-08 18:02 by Daniela
Tags: Mac OS
A recently discovered vulnerability in the macOS Mail app caused by Siri that currently affects Catalina and the previous three releases means that users' encrypted emails actually aren't. Apple is working on a fix for the bug.
The vulnerability was shared by Bob Gendler, an Apple-focused IT specialist, in a Medium blog published on Wednesday. Gendler says that while trying to figure out how macOS and Siri suggest information to users, he found macOS database files that store information from Mail and other apps which are then used by Siri to better suggest information to users. That isn't too shocking in and of itself — it makes sense that Apple needs to reference and learn from some of your information to provide you better Siri suggestions.
This issue affects a limited number of people in practice, and is not something that macOS users should generally worry about. It requires customers to be using macOS and the Apple Mail app to send encrypted emails. It does not impact those who have FileVault turned on, and a person who wanted to access the information would also need to know where in Apple's system files to look and have physical access to a machine.
Those concerned about this issue can prevent data from being collected in the snippets.db database by opening up System Preferences, choosing the Siri section, selecting Siri Suggestions & Privacy, choosing Mail and then turning off "Learn from this App." This will stop new emails from being added to snippets.db but won't remove those that have already been included.
Read more -here-