What you need to know
- Apple says it is aware of an email encryption bug in macOS Catalina.
- It plans to fix the problem in a future update.
- The problem meant that in certain cases, emails were being stored locally as unencrypted files.
Apple has said it is aware of an email encryption bug in macOS Catalina, and that it plans to fix the problem in a future update.
As reported by The Verge, a vulnerability was discovered by Apple IT-specialist Bob Gendler in Apple's Mail application for macOS. Whilst exploring how macOS and Siri curate information to suggest to users, he discovered that Mail and other apps store information which Siri uses to tailor its suggestions. One file, snippets.db, was apparently storing unencrypted text of emails that should have been encrypted. Even after removing the private key so as to prevent him reading encrypted emails, he found that the text of the email could still be viewed in snippets.db. The problem reportedly affects Catalina, Mojave, High Sierra, and Sierra.
According to the report:
Apple tells The Verge it's aware of the issue and says it will address it in a future software update. The company also says that only portions of emails are stored. But the fact that Apple is still somehow leaving parts of encrypted emails out in the open when they're explicitly supposed to be encrypted, obviously isn't good.
The Verge also notes that the issue, whilst concerning, may have only affected a very small number of people.
You need to be using macOS, Apple Mail, be sending encrypted emails from Apple Mail, not be using FileVault to encrypt your entire system already, and know exactly where in Apple's system files to be looking for this information. If you were a hacker, you'd need access to those system files, too.
You can stop Siri collecting emails in snippets.db by going to System Preferences > Siri > Siri Suggestions and Privacy > Mail. Simply unselect "Learn From this App." Gendler suggests that this will not remove any older emails that may have already been stored; those will need to be deleted manually. Turning on FileVault will also ensure everything on your Mac is encrypted.
As The Verge notes, this vulnerability won't affect many people but does call into question Apple Mail's encryption. Gendler also said:
"It brings up the question of what else is tracked and potentially improperly stored without you realizing it."
There is no indication as to a timeline for Apple's fix, so if you're concerned about this bug just now, FileVault and Siri's Privacy settings are the way to go.