Apple to Fix macOS Mail Vulnerability That Leaves Text of Some Encrypted Emails Readable

by

There's a vulnerability in the macOS version of the Apple Mail app that leaves some of the text of encrypted emails unencrypted, according to a report from IT specialist Bob Gendler (via The Verge).

According to Gendler, the snippets.db database file used by a macOS function that offers up contact suggestions stores encrypted emails in an unencrypted format, even when Siri is disabled on the Mac.

mailencryptionissue

In this email, Gendler demonstrates that the private key has been made unavailable in Mail, rendering the message unreadable. It continues to be available in the database, though.

Gendler initially discovered the bug on July 29 and reported it to Apple. Over the course of several months, Apple said that it was looking into the issue, though no fix ever came. The vulnerability continues to exist in macOS Catalina and earlier versions of macOS dating back to macOS Sierra.

Let me say that again... The snippets.db database is storing encrypted Apple Mail messages...completely, totally, fully -- UNENCRYPTED -- readable, even with Siri disabled, without requiring the private key. Most would assume that disabling Siri would stop macOS from collecting information on the user. This is a big deal.

This is a big deal for governments, corporations and regular people who use encrypted email and expect the contents to be protected. Secret or top-secret information, which was sent encrypted, would be exposed via this process and database, as would trade secrets and proprietary data.

Apple told The Verge that it has been made aware of the issue and will address it in a future software update. Apple also said that only portions of some emails are stored, and provided Gendler with instructions on preventing data from being stored by the snippets database.

This issue affects a limited number of people in practice, and is not something that macOS users should generally worry about. It requires customers to be using macOS and the Apple Mail app to send encrypted emails. It does not impact those who have FileVault turned on, and a person who wanted to access the information would also need to know where in Apple's system files to look and have physical access to a machine.

Still, as Gendler points out, this particular vulnerability "brings up the question of what else is tracked and potentially improperly stored without you realizing it."

Those concerned about this issue can prevent data from being collected in the snippets.db database by opening up System Preferences, choosing the ‌Siri‌ section, selecting ‌Siri‌ Suggestions & Privacy, choosing Mail and then turning off "Learn from this App." This will stop new emails from being added to snippets.db but won't remove those that have already been included.

Apple told The Verge that customers who want to avoid unencrypted snippets being read by other apps can avoid giving apps full disk access in macOS Catalina. Turning on FileVault will also encrypt everything on the Mac.

Full details on the vulnerability can be read in Gendler's Medium article.

Tag: Apple Mail

Popular Stories

Home Hub Command Center with Dome Base Feature

Apple Working on All-New Operating System

Saturday August 16, 2025 6:45 am PDT by
Apple is developing an all-new operating system codenamed "Charismatic," according to Bloomberg's Mark Gurman. Apple smart home hub concept This is likely Apple's long-rumored "homeOS" operating system. In a report this week, Gurman said both Apple's rumored smart home hub in 2026 and tabletop robot in 2027 will run the new operating system. He said the software platform will blend...
Read Full Article118 comments
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Max's Internal Design With Metal Battery Allegedly Leaks

Friday August 15, 2025 9:13 am PDT by
Alleged images of the iPhone 17 Pro Max's internal design have surfaced, offering a potential look inside the device before it is announced by Apple next month. The images were shared by the account "yeux1122" this week, in a blog post on the Korean platform Naver. The account aggregates Apple rumors and leaks, so it is likely not the original source of the images, and it is unclear if they...
Read Full Article71 comments
apple beta 26 lineup

Mark Gurman Responds to Last Week's Apple Device Leaks

Sunday August 17, 2025 7:03 am PDT by
Last week, Apple released and then pulled a software tool that accidentally contained identifiers for many unreleased devices and chips, according to MacRumors contributor Aaron Perris. His findings included new models of the Studio Display, Apple TV, Apple Watches, Apple Vision Pro, iPad mini, HomePod mini, and more. Here is what was uncovered in the file, according to MacRumors contributor ...
Read Full Article112 comments
Apple Watch Ultra 2 Complications

Apple Watch Reportedly Set to Receive 'Significant Redesign' Next Year

Friday August 15, 2025 1:31 pm PDT by
At least one new Apple Watch model launching next year will feature a "significant redesign," according to Taiwanese supply chain publication DigiTimes. In a paywalled report this week, citing supply chain insiders, DigiTimes claimed that a high-end 2026 Apple Watch model will feature "exterior design" changes, including but not limited to "eight sensors arranged in a ring pattern visible...
Read Full Article93 comments
Golden Apple Logo

Every Apple Secret That Leaked Wednesday

Thursday August 14, 2025 4:13 am PDT by
Apple made a major slip Wednesday when it accidentally included hardware identifiers in software code linking to numerous unannounced products. The leaked information provided MacRumors with concrete evidence of Apple's hardware development across multiple product categories. Here's everything that was confirmed through the code discoveries: New HomePod mini with updated chip – New...
Read Full Article54 comments
iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

Alleged iPhone 17 Pro Chassis Offers First Look at All-Aluminum Body

Thursday August 14, 2025 3:40 am PDT by
An alleged iPhone 17 Pro production leak may provide a first look at the device's milled all-aluminum chassis, which this year includes the camera bump – in contrast to last year's iPhone 16 Pro model that features a glass camera module attached to an all-glass back panel. Originally shared by leaker Majin Bu, the image below could be of a moulding, but it still lines up with rumors that...
Read Full Article96 comments
apple design award 2025

Apple Announces 2025 Design Award Winners Ahead of WWDC 2025

Tuesday June 3, 2025 10:14 am PDT by
As we wait for WWDC to kick off next Monday, Apple today announced the winners of its annual Apple Design Awards, recognizing apps and games for their innovation, ingenuity, and technical achievement. The 2025 Apple Design Award winners are listed below, with one app and one game selected per category: Delight and Fun - CapWords (App) and Balatro (Game) Innovation - Play (App) and PBJ -...
Read Full Article25 comments

Top Rated Comments

Khedron Avatar
Khedron
75 months ago

Apple has so many bugs now. What a shame. They’re all marketing now
Don't worry Tim's on the case...

Season 2 of The Morning Show will feature 20% more Apple logos.
Score: 17 Votes (Like | Disagree)
Dovydas Avatar
Dovydas
76 months ago

This is overblown. S/MIME = HTTPS for e-mail. Encryped webpages are cached and indexed all the time.

Bob Gendler is acting like S/MIME is some super-high security protocol where it isn't. It doesn't protect "Secret or top-secret information".
The point is if you do something do it properly. What else is overblown by your definition? It is just bad attitude to have period.
Score: 14 Votes (Like | Disagree)
dickie001x Avatar
dickie001x
76 months ago

Who doesn't have FileVault turned on???
Me.
Score: 12 Votes (Like | Disagree)
SDJim Avatar
SDJim
76 months ago
Who doesn't have FileVault turned on???
Score: 9 Votes (Like | Disagree)
Rigby Avatar
Rigby
76 months ago

You missed my point. As I said, we index and cache encrypted webpages all the time for user features.
This is a false equivalence. Unless you actually break the end-to-end encryption (e.g. by forcing the user to accept a new root certificate), you can only index encrypted web page content that is accessible without prior authentication. Encrypted email should *never* be readable by anyone but the addressee, neither in transit nor at rest.

This is absolutely a big deal in corporate environments. Full disc encryption is not a replacement, since e.g. it might be decryptable to admins who should not have access to another employee's protected emails.
Score: 6 Votes (Like | Disagree)
jasnw Avatar
jasnw
75 months ago
Given Apple's track record on fixing Mail problems I'd not expect this to be fixed until, well, ever?
Score: 6 Votes (Like | Disagree)
Read All Comments