large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Troubling macOS Mail app flaw dents Apple’s new privacy push

Apple launched a brand new privacy offensive this week, with a revamped website designed to promote the company’s vow that it is head and shoulders above the rest when it comes to keeping your data safe.

Trouble is, when you go all-out like that, you kind of have to live up to it. And word of a flaw that could expose Mac users’ encrypted emails probably wasn’t welcomed at Infinite Loop. Apple has vowed to fix the admittedly obscure issue that leaves the macOS stock Mail app vulnerable from the current Catalina release, all the way back to 2016’s Sierra.

Related: Best MacBook 2019

The issue was discovered by IT specialist Bob Gendler, who posted his findings to his Medium blog. Worryingly, he reported the issue to Apple way back on July 29, which means Apple has known about it for some time now.

Gendler says he discovered that a database file used by Siri was gobbling up text from emails, potentially leaving them accessible to a hacker who gained access to a Mac. There are some pretty specific circumstances to be met in order to fall victim to the vulnerability, though, so it’s unlikely many users have been exposed.

If you are encrypting your whole hard drive in FileVault, for instance, you’re fine. You also have to be using and sending encrypted messages from the Mail app. The problem does not affect those who’re using third-party email clients.

As a workaround, discovered by Gendler, it’s possible to remove Mail from the troublesome snippets.db file accessed by Siri. All you need to do is head to System Preferences > Siri > Siri Suggestions & Privacy > Mail. Then you can turn off the “learn from this app” option for the Mail app.

Apple hasn’t said if anybody has been affected by the bug and did not tell The Verge when the fix will roll out. What’s more worrying is the 100 days Apple knew about the vulnerability before pledging to do something about it.

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.