A vulnerability within Apple Mail has led it to store encrypted emails in a plain text database.
The vulnerability is due to a Siri feature that allows Apple’s voice assistant to provide contact information, following a user’s request.
In a blog post, Bob Gendler, an Apple-focused IT specialist, explains that Siri utilises a process named ‘suggestd’ which essentially scrapes applications for contact information. The information found is then stored in the snippets.db file – where the data is kept on hand.
However, Gendler discovered that the snippets.db database was storing emails unencrypted, readable without needing a private key. Even if Siri is disabled on the Mac, the emails are still left unencrypted.
In a blog post Gendler wrote: “This is a big deal. This is a big deal for governments, corporations and regular people who use encrypted email and expect the contents to be protected. Secret or top-secret information, which was sent encrypted, would be exposed via this process and database, as would trade secrets and proprietary data.”
The issue is said to be present on all macOS versions from Sierra to Catalina.
Gendler added that the way to prevent Siri from scraping encrypted emails is to stop it learning from Apple Mail, which can be done in three ways:
- Manually changing the setting: System Preferences → Siri → Siri Suggestions & Privacy → Uncheck the boxes for Apple Mail.
- Running the following command from the Mac Terminal: defaults write com.apple.suggestions SiriCanLearnFromAppBlacklist -array com.apple.mail
- Deploying a system-level configuration profile to stop Siri from learning from Apple Mail.
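For the third option, the sketch below builds such a profile and checks that it lists Apple Mail. It is an added example, not code from Gendler's post or from Apple: the domain, key and bundle ID are the ones in the command above, while the custom-settings payload layout, the `com.example.it` identifier and the display name are assumptions chosen for illustration.

```python
import plistlib
import uuid

DOMAIN = "com.apple.suggestions"       # preference domain named in the article
KEY = "SiriCanLearnFromAppBlacklist"   # preference key named in the article
MAIL = "com.apple.mail"                # Apple Mail's bundle ID


def build_profile(org_id="com.example.it"):
    """Return .mobileconfig bytes; org_id is a placeholder identifier."""
    settings = {
        "PayloadType": "com.apple.ManagedClient.preferences",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.siri-mail.settings",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        # Forced = managed value the user cannot change back
        "PayloadContent": {
            DOMAIN: {"Forced": [{"mcx_preference_settings": {KEY: [MAIL]}}]}
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadScope": "System",  # system-level, as the article describes
        "PayloadIdentifier": f"{org_id}.siri-mail",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Stop Siri learning from Apple Mail",
        "PayloadContent": [settings],
    }
    return plistlib.dumps(profile)


def blocked_apps(profile_bytes):
    """Collect every bundle ID a profile forces into the Siri blacklist."""
    apps = set()
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        content = payload.get("PayloadContent", {})
        domain = content.get(DOMAIN, {}) if isinstance(content, dict) else {}
        for entry in domain.get("Forced", []):
            apps.update(entry.get("mcx_preference_settings", {}).get(KEY, []))
    return apps


def mail_is_blocked(profile_bytes):
    """True when the profile stops Siri learning from Apple Mail."""
    return MAIL in blocked_apps(profile_bytes)


if __name__ == "__main__":
    print("Mail excluded:", mail_is_blocked(build_profile()))
```

The same `blocked_apps` check can be run over profiles exported from a management server to confirm that Mail is listed before relying on the setting.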
Gendler discovered the database on July 25th. Since he alerted Apple, there have been a security update to macOS Sierra 10.12, security updates to macOS High Sierra 10.13, Supplemental Updates to macOS Mojave 10.14, a security update to macOS Mojave 10.14, the release of macOS Catalina 10.15.0, a Supplemental Update to 10.15.0, and the 10.15.1 release.
“For a company that prides itself on security and privacy, the lack of attention to detail on an issue like this completely and totally surprises me. It brings up the question of what else is tracked and potentially improperly stored without you realizing it.
“For an operating system that you generally have to change controls to make it less secure, this is a setting that requires you to set to make it more secure and behave correctly.
“I also have to wonder why it took 99 days for someone to know the answer on how to prevent this. All parties at Apple were alerted multiple times before writing this blog and giving an ample amount of time before I published this.”
The post #Privacy: Bug found in Apple Mail exposing encrypted context appeared first on PrivSec Report.