What you need to know
- Apple says it is aware of an email encryption bug in macOS Catalina.
- It plans to fix the problem in a future update.
- The problem meant that in certain cases, emails were being stored locally as unencrypted files.
Apple has said it is aware of an email encryption bug in macOS Catalina, and that it plans to fix the problem in a future update.
As reported by The Verge, Apple IT specialist Bob Gendler discovered a vulnerability in Apple's Mail application for macOS. Whilst exploring how macOS and Siri curate information to suggest to users, he discovered that Mail and other apps store information which Siri uses to tailor its suggestions. One file, snippets.db, was apparently storing the unencrypted text of emails that should have been encrypted. Even after he removed the private key so that he could no longer read encrypted emails, he found that the text of the email could still be viewed in snippets.db. The problem reportedly affects Catalina, Mojave, High Sierra, and Sierra.
According to the report:
The Verge also notes that the issue, whilst concerning, may have only affected a very small number of people.
You can stop Siri collecting emails in snippets.db by going to System Preferences > Siri > Siri Suggestions and Privacy > Mail and unselecting "Learn From this App." Gendler suggests that this will not remove any older emails that may have already been stored; those will need to be deleted manually. Turning on FileVault will also ensure everything on your Mac is encrypted.
As The Verge notes, this vulnerability won't affect many people but does call into question Apple Mail's encryption. Gendler also said:
There is no indication as to a timeline for Apple's fix, so if you're concerned about this bug just now, FileVault and Siri's Privacy settings are the way to go.
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.
Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9
Who doesn't use FileVault? It's kind of a no-brainer if you have a relatively fast Mac, and you really care about security.
I'm glad that I found how to turn this thing off with Siri, but it's the first time I'm hearing about FileVault. I use Surfshark VPN to secure my online browsing and device, but I guess I'll need to look more into what FileVault is and does.