Menu
Glitch in OS X search can expose private details of Apple Mail users

Glitch in OS X search can expose private details of Apple Mail users

Performing a Spotlight search opens email previews that load external images, even when the Mail client is asked not to do this

A glitch in the search software in Apple's OS X Yosemite can expose private details of Apple Mail users, revealing their IP address as well as other system details to spammers, phishers and online tracking companies.

The potential privacy risk appears when people use the Spotlight Search feature, which also indexes emails received with the Apple Mail email client. When searching a Mac, Spotlight shows previews of emails and when it does this, it automatically loads external images linked in HTML email.

The Spotlight preview loads those files even when users have switched off the "load remote content in messages" option in the Mail app, a feature often disabled to prevent email senders from knowing if an email has arrived and if it has been opened. What's more, Spotlight also loads those files when it shows previews of unopened emails that landed directly in the junk folder.

Opening external files can reveal private data to email senders. Senders often include so-called tracking pixels, usually a link to a one-pixel-square GIF file, in their email, which sends information back to the sender when an email is opened and the external image is loaded. Those pixels are often used by email marketeers to gather data.

The potential privacy issue was first reported by German tech news site Heise, and has been replicated by the IDG News Service by sending several emails with tracking pixels to a mail address linked to Apple Mail. A preview of the unopened emails was shown by Spotlight, which revealed to the operator of the server hosting the pixels the receiver's IP address, current OS version and some details about the browser used as well as the version of Quick Look, a program that let's users preview a document.

An IP address can reveal someone's location, although this is not always very accurate. Meanwhile, knowing more details about a user's system could potentially be interesting information for hackers.

At the moment, the only way to work around the issue seems to be to uncheck the "Mail & Messages" box for Spotlight in System Preferences. When this option is disabled no mails are returned in Spotlight's search results, and thus, no preview is shown.

We asked Apple why the "load remote content in messages" Mail privacy setting does not apply to mail shown in Spotlight searches, as users can reasonably expect it does, and asked if it is planning to fix this issue. Apple did not immediately respond.

(With additional reporting by Lucian Constantin of IDG News Service.)

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securityprivacyAppleoperating systemssoftwareapplicationse-mailMac OS

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments