Apple to Fix macOS Mail Vulnerability That Leaves Text of Some Encrypted Emails Readable

There's a vulnerability in the macOS version of the Apple Mail app that leaves some of the text of encrypted emails unencrypted, according to a report from IT specialist Bob Gendler (via The Verge).

According to Gendler, the snippets.db database file used by a macOS function that offers up contact suggestions stores encrypted emails in an unencrypted format, even when Siri is disabled on the Mac.

In this email, Gendler demonstrates that the private key has been made unavailable in Mail, rendering the message unreadable. It continues to be available in the database, though.

Gendler initially discovered the bug on July 29 and reported it to Apple. Over the course of several months, Apple said that it was looking into the issue, though no fix ever came. The vulnerability continues to exist in macOS Catalina and earlier versions of macOS dating back to macOS Sierra.
Let me say that again... The snippets.db database is storing encrypted Apple Mail messages...completely, totally, fully -- UNENCRYPTED -- readable, even with ‌Siri‌ disabled, without requiring the private key. Most would assume that disabling ‌Siri‌ would stop macOS from collecting information on the user. This is a big deal.

This is a big deal for governments, corporations and regular people who use encrypted email and expect the contents to be protected. Secret or top-secret information, which was sent encrypted, would be exposed via this process and database, as would trade secrets and proprietary data.
Apple told The Verge that it has been made aware of the issue and will address it in a future software update. Apple also said that only portions of some emails are stored, and provided Gendler with instructions on preventing data from being stored by the snippets database.

This issue affects a limited number of people in practice, and is not something that macOS users should generally worry about. It requires customers to be using macOS and the Apple Mail app to send encrypted emails. It does not impact those who have FileVault turned on, and a person who wanted to access the information would also need to know where in Apple's system files to look and have physical access to a machine.

Still, as Gendler points out, this particular vulnerability "brings up the question of what else is tracked and potentially improperly stored without you realizing it."

Those concerned about this issue can prevent data from being collected in the snippets.db database by opening up System Preferences, choosing the ‌Siri‌ section, selecting ‌Siri‌ Suggestions & Privacy, choosing Mail and then turning off "Learn from this App." This will stop new emails from being added to snippets.db but won't remove those that have already been included.

Apple told The Verge that customers who want to avoid unencrypted snippets being read by other apps can avoid giving apps full disk access in ‌macOS Catalina‌. Turning on FileVault will also encrypt everything on the Mac.

Full details on the vulnerability can be read in Gendler's Medium article.

Tag: Mail

Top Rated Comments

(View all)

2 weeks ago


Apple has so many bugs now. What a shame. They’re all marketing now


Don't worry Tim's on the case...

Season 2 of The Morning Show will feature 20% more Apple logos.
Rating: 17 Votes
2 weeks ago


This is overblown. S/MIME = HTTPS for e-mail. Encryped webpages are cached and indexed all the time.

Bob Gendler is acting like S/MIME is some super-high security protocol where it isn't. It doesn't protect "Secret or top-secret information".

The point is if you do something do it properly. What else is overblown by your definition? It is just bad attitude to have period.
Rating: 14 Votes
2 weeks ago


Who doesn't have FileVault turned on???

Me.
Rating: 12 Votes
2 weeks ago
Who doesn't have FileVault turned on???
Rating: 9 Votes
2 weeks ago


You missed my point. As I said, we index and cache encrypted webpages all the time for user features.

This is a false equivalence. Unless you actually break the end-to-end encryption (e.g. by forcing the user to accept a new root certificate), you can only index encrypted web page content that is accessible without prior authentication. Encrypted email should *never* be readable by anyone but the addressee, neither in transit nor at rest.

This is absolutely a big deal in corporate environments. Full disc encryption is not a replacement, since e.g. it might be decryptable to admins who should not have access to another employee's protected emails.
Rating: 6 Votes
2 weeks ago
Given Apple's track record on fixing Mail problems I'd not expect this to be fixed until, well, ever?
Rating: 6 Votes
2 weeks ago


Don't worry Tim's on the case...

Season 2 of The Morning Show will feature 20% more Apple logos.

. . . and 15% more emojis!
Rating: 5 Votes
2 weeks ago


Dude, even if FileVault is disabled, systems with the T2 chip will encrypt all volumes, but protected only by the hardware UID (absent the combo of user password and hardware UID).

"If FileVault isn’t enabled on a Mac with the T2 chip during the initial Setup Assistant process, the volume is still encrypted, but the volume key is protected only by the hardware UID in the Secure Enclave. If FileVault is enabled later—a process that is immediate since the data was already encrypted—an anti-replay mechanism prevents the old key (based on hardware UID only) from being used to decrypt the volume. The volume is then protected by a combination of the user password with the hardware UID as previously described." [Apple T2 Security Chip Overview]

Live and learn, and pray that the T2 chip does not crap out.


The T2 chip is physical ransomware
Rating: 5 Votes
2 weeks ago


This is overblown. S/MIME = HTTPS for e-mail. Encryped webpages are cached and indexed all the time.

Bob Gendler is acting like S/MIME is some super-high security protocol where it isn't. It doesn't protect "Secret or top-secret information".


The point is if you do something do it properly. What else is overblown by your definition? It is just bad attitude to have period.

I first wanted to agree with, but konqerror is actually right. S/MIME is used to protect the mail in transit and on the server (!), much like PGP. Once the message is arrived it may as well be stored unencrypted within the mail client/OS -or at least thats the point at which S/MIME is no longer supposed to protect confidentiality.
Anyone with even low level of security requirement has drive encryption on these days.
If you don‘t have drive encryption, you generally risk stuff being indexed in the search database or ending up in some temp folder unencrypted. That‘s exactly what happened here...
Even with Apple Mail not indexing the mails, if the user opens an attachment from an email, or worse, drags it to the desktop, it will get indexed and it will lose it‘s S/MIME encryption. That‘s why S/MIME is only good protection until the mail arrives at its destination. Beyond that, drive encryption or some similar technology needs to take over.
Rating: 5 Votes
2 weeks ago
Good find but hopefully affecting very few since hard to imagine customers that go through the conscious effort and sending encrypted emails wouldn’t also have file vault enabled which prevents this bug from happening. Odd though that Apple was informed it previously and didn’t do anything about it or perhaps with all the other security bugs out there the use case was so small that they decided to put much lower on the list?
Rating: 4 Votes

[ Read All Comments ]