Apple in macOS 10.15.3 quietly addressed a bug that left some of the text of encrypted emails unencrypted, reports The Verge.
This particular vulnerability was publicized back in November, after IT specialist Bob Gendler found that the snippets.db database file used by a Siri feature to offer up contact suggestions stored encrypted emails in an unencrypted format.
A demonstration from Gendler showing the bug. The image features a private key that has been made unavailable in Mail, rendering the message unreadable. It continues to be available in the database, though.
Gendler reported the bug to Apple in July, but shared details in November after Apple failed to fix it. After the bug was announced to the public, Apple promised that a fix was coming in a future version of macOS.
Only a small number of people were affected by the bug because it required a very specific set of steps to reproduce. It required customers to be using macOS and the Apple Mail app to send encrypted emails. It did not impact those who had FileVault turned on, and a person who wanted to access the information would have also needed to know where in Apple's system files to look and have had physical access to a machine.
Apple didn't mention the bug fix when macOS Catalina 10.15.3 was released last week, but the update does indeed appear address the issue, Gendler told The Verge.
According to Gendler, macOS Catalina 10.15.3 prevents encrypted emails from appearing in Spotlight searches, and the database file that used to include encrypted emails no longer does so.
This particular vulnerability was publicized back in November, after IT specialist Bob Gendler found that the snippets.db database file used by a Siri feature to offer up contact suggestions stored encrypted emails in an unencrypted format.
Gendler reported the bug to Apple in July, but shared details in November after Apple failed to fix it. After the bug was announced to the public, Apple promised that a fix was coming in a future version of macOS.
Only a small number of people were affected by the bug because it required a very specific set of steps to reproduce. It required customers to be using macOS and the Apple Mail app to send encrypted emails. It did not impact those who had FileVault turned on, and a person who wanted to access the information would have also needed to know where in Apple's system files to look and have had physical access to a machine.
Apple didn't mention the bug fix when macOS Catalina 10.15.3 was released last week, but the update does indeed appear address the issue, Gendler told The Verge.
According to Gendler, macOS Catalina 10.15.3 prevents encrypted emails from appearing in Spotlight searches, and the database file that used to include encrypted emails no longer does so.
13 comments
Apple today issued an update on its financial guidance for the March quarter, announcing that the company will not meet its revenue goals due to the impact of the COVID-19 coronavirus epidemic in...
March is the most common month for Apple's spring media events, and the relatively long list of products with rumored imminent updates has pointed toward one of those spring events being held...
Apple this morning shared a trailer for upcoming Apple TV+ science fiction series "Amazing Stories," which is a reimagining of the original 1980s series of the same name.
"Amazing...
We've been hearing for some time that Apple is planning to launch a new low-cost iPhone based on the iPhone 8, but with upgraded internals. This device has been referred to in rumors as the...
Last November, Apple launched new "Replay" playlists within Apple Music, letting its subscribers discover which songs they listened the most to every year they've been using Apple Music....
Rumors have been pointing toward a significant iPad Pro update in the first half of this year, including a new triple-lens rear camera system supporting 3D sensing for immersive augmented reality...
Last week, Taiwanese industry publication DigiTimes made a passing reference to upcoming "AirPod Pro Lite" earphones without offering any details on the product, leading to confusion about...
Following reports of potential production delays on iPhone components and even shipping delays for products like the Mac Pro, DigiTimes reports today that global notebook shipments could fall up to...
