Ever since standing against the US government and refusing to crack open an iPhone locked by Touch ID, Apple has been pushing its stance on privacy and security quite heavily. Unfortunately, Apple has had a couple of security missteps along the way that fly in the face of that. Most recently, one researcher found a way to view unencrypted versions of emails sent via Apple’s Mail app on macOS.
Bob Gendler detailed the issue in a Medium post after giving Apple a 100-day window to fix it. Apple’s Mail app on macOS is supposed to encrypt emails, but in order to help Siri learn more about the user, chunks of outgoing emails are saved in a non-encrypted form in a database file called ‘snippets.db’.
In terms of real-world security, this isn’t a huge problem, as an attacker would need local access to a macOS system without FileVault active. Even with access to the database file, the attacker would not find full outgoing emails in unencrypted form, but rather ‘portions’ of emails.
Still, given that Apple has had such a high profile stance on privacy and data encryption, something like this does cause some concern. Gendler notes that his findings were sent to Apple back in July but the issue has remained unfixed. In the meantime, Apple has recently told The Verge that this issue will be fixed in an upcoming macOS update.
KitGuru Says: Apple needs to do a better job of getting out ahead of issues like this before they are made public. In the meantime, if you are a Mac user, you can change the apps Siri analyses on your machine through the System Preferences menu.