Apple Mail flaw on macOS leaves supposedly encrypted messages unprotected
The flaw, which was shared by Apple-focused IT specialist Bob Gendler, was found on the four most recent macOS releases, namely Catalina, Mojave, High Sierra, and Sierra. He found macOS database files that hold information from Apple Mail, which the digital assistant Siri then uses to make suggestions. Unfortunately, one of the files, named snippets.db, stores the text of the emails unencrypted.
Only a small number of people are affected by the issue. The user needs to be sending encrypted emails from Apple Mail on a macOS release from Sierra through Catalina, with FileVault not activated to encrypt the entire system. A person who wants to read the unencrypted emails will also need to know exactly where the information is stored in the computer's system files and will need to have access to it.
However, for the affected users, the risk is massive. Encrypted emails are protected for a reason, such as to keep confidential information safe, so any chance that they may be compromised is a big deal.
“It brings up the question of what else is tracked and potentially improperly stored without you realizing it,” Gendler said.
Apple is aware of the issue and said that a fix is on the way through a future software update. Gendler, however, noted that he reported the issue on July 29, but Apple did not respond until November 5.
While waiting for the flaw to be patched, a suggested workaround is to disable the "Learn from this App" option under the Mail option of the Siri Suggestions & Privacy menu, which is found in Siri's section in System Preferences. This is just a temporary solution though, as it only stops new emails from being included in the compromised snippets.db file.
The encryption vulnerability follows another issue with macOS Catalina's Apple Mail app, specifically missing or incomplete messages after upgrading to the latest macOS release, as well as messages going blank after moving them between mailboxes. Similar problems also appeared after upgrading iPhones to iOS 13.