Advertisements
<pre><pre>Apple and Microsoft are working together on the new app iCloud for Windows

Apple puts much of its reputation in how it protects the privacy of its users, because it wants to be the only technology company you trust. But if you send encrypted emails from Apple Mail, there is currently a way to read some of the text from those emails as if they were unencrypted – and Apple has been reported to have been aware of this vulnerability for months. without offering a solution.

Advertisements

Before we continue, you should know that this probably only affects a small number of people. You must use macOS, Apple Mail, send encrypted e-mails from Apple Mail does not already use FileVault to encrypt your entire system and knows exactly where to find this information in Apple's system files. If you were a hacker, you also needed access to those system files.

Apple tells The edge it is aware of the problem and says it will solve this in a future software update. The company says that on its own share of emails are saved. But the fact that Apple somehow still leaves parts of encrypted emails open while they are explicitly encrypted is of course not good.

The vulnerability was shared by Bob Gendler, an Apple-focused IT specialist, in one Average blog published on Wednesday. Gendler says that while trying to figure out how macOS and Siri suggest information to users, he found macOS database files that store information from Mail and other apps that are then used by Siri to better suggest information to users. That is not too shocking in itself – it makes sense that Apple should refer to and learn from some of your information in order to give you better Siri suggestions.

But Gendler discovered that one of those files, snippets.db, the unencrypted text from emails that were supposed to be encrypted. Here is an image that he shared that is useful to explain what is going on:


Image: Bob Gendler

The circle on the left is around an encrypted e-mail that Gendler's computer cannot read because Gendler says he has removed the private key that would normally allow him to do that. But in the circle on the right you can distinguish the text of that encrypted e-mail in snippets.db.

Gendler says he tested the four most recent macOS releases – Catalina, Mojave, High Sierra, and Sierra – and could read snippets.db-encoded email on all versions. I was able to confirm the existence of snippets.db and found that it was saved sharing some of my Apple Mail emails. However, I could not find a way to get excerpts. Db to store encrypted emails that I have sent to myself.

Advertisements

Gendler first reported the problem to Apple on July 29, and said that until November 5 – 99 days later – he didn't get a response with a solution from the company, despite repeated follow-ups. And although Apple has updated each of the four versions of macOS where Gendler has noticed the vulnerability in the months since he noticed, none of these updates contained a solution to the problem.

If you want to prevent emails currently being collected in snippets.db, Apple tells us that you can do this by going to System Preferences> Siri> Siri Suggestions & Privacy> Email and "Learning from this app" from to switch. this solution for Gendler – but he says this solution will only stop new emails are added to snippets.db. If you want to make sure that older e-mails that may be stored in snippets.db can no longer be scanned, you may also have to delete that file.

If you want to prevent these non-coded snippets from being read by other apps, Apple says you can't give full disk access in macOS Catalina – and you probably have very few apps with full disk access. Apple also says that enabling FileVault will encrypt everything on your Mac if you want to be extra secure.

Again, this vulnerability is unlikely to affect so many people. But if you trust Apple Mail and believe that your Apple Mail emails were 100 percent encrypted, it seems that this is not the case. As Gendler says, "It raises the question of what else is being tracked and possibly stored incorrectly without you noticing."