Bob Gendler, an IT specialist has found a concerning flaw with the macOS that could have left portions of encrypted emails unprotected. While all of a user’s mail is not visible, the limited visible content could still help a hacker.
The flaw could be considered as a major security flaw and the expert expressed his displeasure by writing on his blog: “For a company that prides itself on security and privacy, the lack of attention to detail on an issue like this completely and totally surprises me.”
Gendler further explained that the flaw was reported by him on July 29th and Apple failed to come up with a solution until November 5th. Apple plans to fix the issue in a future macOS update.
Gendler had discovered a database with information from Apple Mail and other applications that help macOS and Siri to be better at suggesting information. He saw that his S/MIME emails were stored completely unencrypted in a file in snippets.db.
The flaw reportedly exists in four versions of macOS.
There is a temporary solution though. You can stop snippets.db from collecting your emails. Go to System Preferences> Siri> Siri Suggestions & Privacy > Mail, here, you will have to toggle off the “Learn from this App.”