"Hey Siri" support and possibly wireless charging case alongside AirPower charging mat.
OS X Spotlight Glitch Exposes IP Addresses and Other System Details to Spammers
A privacy glitch in Spotlight search for OS X may leak private details, including IP addresses, to email spammers. The flaw was first reported by German tech news site Heise and replicated in tests performed by IDG News Service.
The issue affects OS X mail users who have followed conventional security recommendations to turn off the "load remote content in messages" option in the Mail app. This setting prevents the loading of remote content such as images, including "tracking pixels" that are used by spammers to harvest information when people open an email.
A glitch arises when OS X Mail users utilize Spotlight search in OS X, which includes emails in the search results. Spotlight ignores the remote content block preference from Mail and loads the remote email files as part of the search process. Once Spotlight loads one of these tracking pixels, spammers can glean details such as the IP address, OS X version, browser details, and the version of Quick Look being used.
The issue affects OS X mail users who have followed conventional security recommendations to turn off the "load remote content in messages" option in the Mail app. This setting prevents the loading of remote content such as images, including "tracking pixels" that are used by spammers to harvest information when people open an email.
A glitch arises when OS X Mail users utilize Spotlight search in OS X, which includes emails in the search results. Spotlight ignores the remote content block preference from Mail and loads the remote email files as part of the search process. Once Spotlight loads one of these tracking pixels, spammers can glean details such as the IP address, OS X version, browser details, and the version of Quick Look being used.
The Spotlight preview loads those files even when users have switched off the "load remote content in messages" option in the Mail app, a feature often disabled to prevent email senders from knowing if an email has arrived and if it has been opened. What's more, Spotlight also loads those files when it shows previews of unopened emails that landed directly in the junk folder.Currently, the only way to block this information leak is to block Spotlight from including emails in search results entirely by opening System Preferences and unchecking the "Mail & Messages" option for Spotlight. Apple has yet to comment on this Spotlight privacy glitch.
Tag: Spotlight
[ 102 comments ]
Top Rated Comments
(View all)
53 months ago
Oh for goodness sake, don't let them know my version is Yosemite and what browser I'm using! And, *gasp*, the version of QUICK LOOK?! This is an outrage.
/s
I don't think you understand what the article means.
Let me explain. If you block the tracking pixel from loading, the spammer will never realize that you received the email, and may eventually stop sending them. If they do realize that you receive the email, then they can get your IP address, know that the email address is valid, cross reference your purchasing habits with your IP address, and target you specifically with Facebook ads.
That's a major gaping privacy hole in OS X that needs to be patched.
53 months ago
Oh for goodness sake, don't let them know my version is Yosemite and what browser I'm using! And, *gasp*, the version of QUICK LOOK?! This is an outrage.
/s
/s
53 months ago
Another reason not to use the crappy mail app. Now I know why I have always stuck to using the webmail interface.
Will Apple ever get their act together and overhaul the damn app and actually make it usable?
Will Apple ever get their act together and overhaul the damn app and actually make it usable?
53 months ago
As I've said before in other threads. Regardless of whether or not this is "harmful" to some or all - if there's a security issue and it's known, it should be fixed. End of story. No judgement. Simple as that.
53 months ago
Am I the only one that rarely uses Spotlight? Don't get me wrong, I love spotlight especially the revamped one in 10.10. However, I just don't think about Spotlight when launching an application or searching for files. I mostly just hit the Launchpad shortcut on my keyboard and use the terminal for searching for/in files.
I guess I just need to force myself to use it more often and hopefully after a while I'll launch more by reflex.
I guess I just need to force myself to use it more often and hopefully after a while I'll launch more by reflex.
53 months ago
I'm going to go back to using Alfred I think.
This new Spotlight has been rubbish for me - it seems to ignore the ordering I have for results (I want bookmarks top) and if I open the wrong file via Spotlight search, it remembers it so when I search again, even though the file I opened doesn't explicitly match my search and another file does, it lists the wrong file at the top. It shouldn't remember it just because I did it once!
This new Spotlight has been rubbish for me - it seems to ignore the ordering I have for results (I want bookmarks top) and if I open the wrong file via Spotlight search, it remembers it so when I search again, even though the file I opened doesn't explicitly match my search and another file does, it lists the wrong file at the top. It shouldn't remember it just because I did it once!
53 months ago
Another reason not to use the crappy mail app. Now I know why I have always stuck to using the webmail interface.
Will Apple ever get their act together and overhaul the damn app and actually make it usable?
You're comment is hilarious! LOL Webmail like Gmail and Yahoo is often a worse offender and gives all kinds of info away. try again HAHAHA!
53 months ago
I don't think you understand what the article means.
Let me explain. If you block the tracking pixel from loading, the spammer will never realize that you received the email, and may eventually stop sending them. If they do realize that you receive the email, then they can get your IP address, know that the email address is valid, cross reference your purchasing habits with your IP address, and target you specifically with Facebook ads.
That's a major gaping privacy hole in OS X that needs to be patched.
That is actually very untrue. The majority of the spam computers that send out those spam emails have no way of monitoring your specific email account. They don't track if the email is valid, either. If they get a bounce back saying the email doesn't exist, they still continue to send repeated emails. They also aren't going to waste the time calculating "if you opened your email and read the ad", they're going to send you continual ads regardless.
Scam pixels are often used just for overall statistics, like "20% of the people we send ads to are in this part of the world using this version of OS X".
This would also require that a DIFFERENT version of the spam pixel is loaded for each email, so they could uniquely target each person they send the email to. It's much more cost-efficient to just send out mass emails, rather than track each of the millions of emails individually.
[ Read All Comments ]
For those of you who like to rearrange the Home screen on your iPhone and iPad to organize your apps, you might be interested to know that there's a handy little hidden feature for moving...
Commonwealth Bank (CBA) today implemented support for Apple Pay, making it the second of Australia's "Big Four" banks to offer the payments service. CBA is the biggest retail bank in...
Netflix today launched a new Instagram integration that's designed to allow Instagram users to share their favorite movies and TV shows in Stories, reports Variety.
The feature can be used...
Twitter today announced that it has started rolling out a new, simplified interface on the web, which is available to some users starting today.
The updated interface features a two-column...
Alongside the release of iOS 12.1.3, the latest update to the iOS 12 operating system, Apple has released new 12.1.13 software that's designed for the HomePod.
The new HomePod software will...
Apple today released watchOS 5.1.3, the fourth update to the watchOS 5 operating system that runs on modern Apple Watch models. watchOS 5.1.3 comes more than a month after the release of watchOS...
Apple today released macOS Mojave 10.14.3, the third update to the macOS Mojave operating system that first launched in September. macOS 10.14.3 comes six weeks after the launch of macOS Mojave...
Apple today released tvOS 12.1.2, the fourth update to the tvOS 12 operating system designed for the fourth and fifth-generation Apple TV models. tvOS 12.1.2 comes more than a month after the launch...
