Saturday, April 17, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Apple Mail on macOS leaves parts of encrypted emails in plaintext

November 9, 2019
in Internet Security
Apple Mail on macOS leaves parts of encrypted emails in plaintext
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: Bob Gendler

The Apple Mail app on macOS stores encrypted emails in plaintext inside a database called snippets.db.

The issue was discovered earlier this year by an Apple IT specialist named Bob Gendler.

You might also like

Security crucial as 5G connects more industries, devices

Google releases Chrome 90 with HTTPS by default and security fixes

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

The issue is not fixed at the time of writing, although Gendler told the company about it back in July. A fix is coming, according to tech news site The Verge; however, Apple did not provide a timeline.

Apple Mail + Siri = bad

The bug occurs because of a Siri feature that allows Apple’s voice assistant to provide information for contacts, following an owner’s request.

According to Gendler, Siri uses a process called “suggestd” to scrape various apps for contact information. Whatever it finds, it stores inside the snippets.db file, where it keeps the data on hand, in case the user ever wants a contact suggestion.

Over the summer, Gendler discovered that if users had configured Apple Mail to send and receive encrypted email, Siri would collect a plaintext version of the user’s emails, and store them inside this database.

“This is a big deal. This is a big deal for governments, corporations and regular people who use encrypted email and expect the contents to be protected,” Gendler said in a blog post published this week.

“Secret or top-secret information, which was sent encrypted, would be exposed via this process and database, as would trade secrets and proprietary data,” he said.

How to prevent Siri from scraping your emails

Gendler says the issue was present on all macOS versions from Sierra to the latest Catalina.

The Mac IT expert says that disabling Siri doesn’t do anything, as the “suggestd” process keeps scraping emails to have them ready the next time Siri was enabled.

The only way to prevent Siri from scraping encrypted emails is to specifically tell it not to read content from Apple Mail.

“There are 3 ways to disable these processes from learning from Apple Mail,” Gendler said. They are:

1) Go to System Preferences → Siri → Siri Suggestions & Privacy, and then uncheck the box for Apple Mail.

2) Run from the Mac Terminal the following command (as a normal user, no admin access needed):

defaults write com.apple.suggestions SiriCanLearnFromAppBlacklist -array com.apple.mail

3) Deploy a System-Level (for all users) configuration profile to turn off Siri from learning from Apple Mail.

Gendler said the third option is permanent, as a future OS update won’t accidentally re-enable Siri’s email scraping.

A final step, Gendler said, is to remove the snippets.db file. Telling Siri to stop scraping Apple Mail content doesn’t automatically delete this file, so users will need to do it themselves. The file is located in “/Users/(username)/Library/Suggestions/”.

Credit: Zdnet

Previous Post

Attacks against machine learning — an overview

Next Post

Email marketing: Infrastructure intelligence - MarTech Today

Related Posts

Security crucial as 5G connects more industries, devices
Internet Security

Security crucial as 5G connects more industries, devices

April 17, 2021
Google releases Chrome 90 with HTTPS by default and security fixes
Internet Security

Google releases Chrome 90 with HTTPS by default and security fixes

April 17, 2021
SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

April 17, 2021
Google Project Zero testing 30-day grace period on bug details to boost user patching
Internet Security

Google Project Zero testing 30-day grace period on bug details to boost user patching

April 17, 2021
Cyberattack on UK university knocks out online learning, Teams and Zoom
Internet Security

Cyberattack on UK university knocks out online learning, Teams and Zoom

April 17, 2021
Next Post
Email marketing: Infrastructure intelligence – MarTech Today

Email marketing: Infrastructure intelligence - MarTech Today

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence
Internet Privacy

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

April 17, 2021
10 Popular Must-Read Free eBooks on Machine Learning
Machine Learning

10 Popular Must-Read Free eBooks on Machine Learning

April 17, 2021
Security crucial as 5G connects more industries, devices
Internet Security

Security crucial as 5G connects more industries, devices

April 17, 2021
Relay Therapeutics pays $85M for startup with a new AI tech for drug discovery
Machine Learning

Relay Therapeutics pays $85M for startup with a new AI tech for drug discovery

April 17, 2021
Google releases Chrome 90 with HTTPS by default and security fixes
Internet Security

Google releases Chrome 90 with HTTPS by default and security fixes

April 17, 2021
ML Scaling Requires Upgraded Data Management Plan
Machine Learning

ML Scaling Requires Upgraded Data Management Plan

April 17, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence April 17, 2021
  • 10 Popular Must-Read Free eBooks on Machine Learning April 17, 2021
  • Security crucial as 5G connects more industries, devices April 17, 2021
  • Relay Therapeutics pays $85M for startup with a new AI tech for drug discovery April 17, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates