Security Bug In OS X Exposes Private Details Of Apple Mail Users

OS X Yosemite Spotlight bug

A security bug in the search software in Apple's OS X Yosemite can expose private details of apple mail users. The bug allows anyone to get IP address and other details of apple mail users.

When people use the Spotlight Search feature, it shows previews of emails and when it does this, it automatically loads external images linked in HTML email.


According to the German technology news site Heise, "The Spotlight preview loads those files even when users have switched off the "load remote content in messages" option in the Mail app."


Spammers and phishers exploits this bug by using a technique -"tracking pixels" - A link to a one-pixel-square GIF file, in their email, which sends information back to the sender when an email is opened and the external image is loaded.


To fix the issue uncheck the "Mail & Messages" box via System Preferences > Spotlight, or you can switch to third-party apps (Google Sparrow or Mailbox).

No comments

Powered by Blogger.