Skip to main content

Apple Mail on MacOS flaw leaves supposedly encrypted messages unprotected

A vulnerability that was discovered on the macOS version of Apple Mail is compromising the security of supposedly encrypted messages, but Apple said a fix is on the way.

The flaw, which was shared by Apple-focused IT specialist Bob Gendler, was found on the four most recent MacOS releases, namely Catalina, Mojave, High Sierra, and Sierra. He found macOS database files that include information from Apple Mail, which is then utilized by digital assistant Siri to make suggestions. Unfortunately, one of the files, named snippets.db, is storing the unencrypted text of the emails.

Related Videos

Only a small number of people are affected by the issue. The user needs to be sending encrypted emails from Apple Mail on macOS Sierra to macOS Catalina, with FileVault not activated to encrypt the entire system. The person who wants to read the unencrypted emails will also need to know exactly where the information is stored in the computer’s system files and will need to have access to it.

However, for the affected users, the risk is massive. Encrypted emails are protected for a reason, such as to keep confidential information safe, so any chance that they may be compromised is a big deal.

“It brings up the question of what else is tracked and potentially improperly stored without you realizing it,” Gendler said.

Apple is aware of the issue and said that a fix is on the way through a future software update. Gendler, however, noted that he reported the issue on July 29, but Apple did not respond until November 5.

While waiting for the flaw to be patched, a suggested workaround is to disable the Learn from this App option under the Mail option of the Siri Suggestions & Privacy menu, which is found in Siri’s section in System Preferences. This is just a temporary solution though, as it only stops new emails from being included in the compromised snippets.db file.

The encryption vulnerability follows another issue with macOS Catalina’s Apple Mail app, specifically missing or incomplete messages after upgrading to the latest macOS release, as well as messages going blank after moving them between mailboxes. Similar problems also appeared after upgrading iPhones to iOS 13.

Editors' Recommendations

Grammarly’s new ChatGPT-like AI generator can do a lot more than proofread your writing
GrammarlyGO's Rewrite for Length feature is shown.

Grammarly, one of the biggest names in writing tools, is adding AI-generated text to its repertoire on the heels of the wild popularity of ChatGPT. Known as GrammarlyGO, this new tool is focused on improving writing rather than replacing the writer.

GrammarlyGO will roll out in beta form to existing users in April. All tiers, including developers, business, education, and premium users, will have access. You can even use GrammarlyGO with a free account.

Read more
4 Windows 11 accessibility features that make it easier for everyone to use
Person using Windows 11 laptop on their lap by the window.

Windows 11 feature some big updates for Microsoft's storied operating system visually, but it has made big strides in accessibility as well. Live Captions, updates to the Narrator, and even full voice access might make Windows 11 the most accessible OS Microsoft has ever released.

Regardless of it you need accessibility features to navigate Windows 11 or if you just want to make getting around a little easier, we tried out a slew of features to bring you our favorites. If you want to browse the full list, you can find it by opening the Settings app in Windows 11 and selecting the Accessibility tab.
Live captions

Read more
Microsoft Edge opens AI-upscaled video to AMD graphics cards
The Microsoft Edge browser is open on a Surface Book 2 in tablet mode.

Microsoft is rolling out a new super resolution for its Edge browser, but unlike Nvidia's recently announced RTX Video Super Resolution, Microsoft's take works with AMD graphics cards.

Edge is taking the same name. Video Super Resolution (VSR) leverages AI to upscale videos directly in your browser. Microsoft's announcement reads, "It accomplishes this by removing blocky compression artifacts and upscaling video resolution so you can enjoy crisp and clear videos on YouTube and other streaming platforms that play video content without sacrificing bandwidth."

Read more