It comes across that macOS has been discovered to include another security hole, this time targets at the Mail app, wherein one can read som...
It comes across that macOS has been discovered to include another security hole, this time targets at the Mail app, wherein one can read some of the text of those emails as if they were unencrypted.
The finding was made by an Apple IT expert Bob Gendler, who claims that the vulnerability makes part of the text of an encrypted email unencrypted, despite the root of the vulnerability—Siri is disabled on Mac, macOS's snippets.db database file stores encrypted emails in an unencrypted format.
The Verge reports that Apple has acknowledged to it that it is aware of the security issue and will address it in a future software update.
Fortunately, this hole only affects a small number of people, it requires one to use macOS and Apple Mail app to send encrypted emails, and will not affect those who have activated FileVault.
Users who are concerned about it can go to Siri Suggestions & Privacy, choosing Mail and then turning off "Learn from this App." This will cause new emails not to be added to snippets.db, but will not delete the included emails.
The finding was made by an Apple IT expert Bob Gendler, who claims that the vulnerability makes part of the text of an encrypted email unencrypted, despite the root of the vulnerability—Siri is disabled on Mac, macOS's snippets.db database file stores encrypted emails in an unencrypted format.
I was able to confirm the existence of snippets.db, and found that it stored portions of some of my emails from Apple Mail. I couldn’t find a way to get snippets.db to store encrypted emails I sent to myself, though.Gendler first discovered the Mail bug on July 29 and reported it to Apple. In the past few months, the company said it is investigating the security hole. But this vulnerability still exist ts in macOS Catalina and earlier versions of macOS, including macOS Sierra, which released in 2016, or more than 3 years ago.
The Verge reports that Apple has acknowledged to it that it is aware of the security issue and will address it in a future software update.
Fortunately, this hole only affects a small number of people, it requires one to use macOS and Apple Mail app to send encrypted emails, and will not affect those who have activated FileVault.
Users who are concerned about it can go to Siri Suggestions & Privacy, choosing Mail and then turning off "Learn from this App." This will cause new emails not to be added to snippets.db, but will not delete the included emails.
COMMENTS