Fix macOS Mail Vulnerability: There’s a vulnerability within the macOS version of the Apple Mail app. It leaves a number of the text of encrypted emails unencrypted, consistent with a report from IT specialist Bob Gendler.
According to Gendler:
the snippets.db database file used by a macOS function. When Siri is disabled contact suggestions stores encrypted emails in an unencrypted format.
Gendler initially discovered the bug on July 29 and reported it to Apple. Apple said that it was looking into the issue, though no fix ever came. The vulnerability continues to exist in macOS Catalina and earlier versions of macOS dating back to the macOS Sierra.
Let me say that again… The snippets.db database are storing encrypted Apple Mail messages…
Readable, even with Siri disabled, without requiring the private key. Most would assume that disabling Siri would stop macOS from collecting information on the user. This is a big deal.This is a big deal for governments, corporations and regular people. As would trade secrets and proprietary data.
Apple tells The Verge that it has been made aware of the issue and will address it in a future software update.
This issue affects a limited number of people in practice. It is not something that macOS users should generally worry about. As it requires customers to be using macOS and the Apple Mail app to send encrypted emails. It does not impact those who have FileVault turned on. And a person who wanted to access the information would also need to know where in Apple’s system files to look and have physical access to a machine.
Those who concern about this issue can prevent data from being collected in the snippets. Because, database by opening up System Preferences, choosing the Siri section, selecting Siri Suggestions & Privacy, choosing Mail and then turning off ” Learn from this App.” But This will stop new emails from being added to snippets.db but won’t remove those that have already been included.
Apple told The Verge that customers who want to avoid unencrypted snippets being read by other apps can avoid giving apps full disk access in macOS Catalina. Turning on FileVault will also encrypt everything on the Mac.
For further queries and questions let us know in the comment section below!