A security flaw has been discovered in the macOS Catalina Mail app. A cybersecurity researcher named Bob Gendler found that the flaw can cause encrypted emails to become unencrypted, allowing hackers and exploiters to access other users' emails. The flaw affects a few macOS users who are running Catalina, Mojave, High Sierra, or Sierra and don't use FileVault on their Mac.
Bob Gendler says that the security issue causes macOS to store unencrypted portions of encrypted emails. These unsecured portions are stored in a file named snippets.db. The data is used by Siri to make suggestions and provide email Handoff to Mac users. But here is the big problem with this security flaw: portions of the emails are exposed to Apple servers, which puts many Mac users' information at risk.
Apple told The Verge that it is aware of this issue and that it will be addressed in the next macOS Catalina update. All Mac users using FileVault should be fine because it encrypts the entire Mac system, protecting it from malicious attackers. In addition, all Mac users who use the native Mail app should go to Apple menu > System Preferences > Siri, then to Siri Suggestions and Privacy > Mail, and turn off the Learn from this App option. This prevents Siri from applying machine learning to encrypted emails in the app.
Preventing Siri from using machine learning in the Mail app therefore stops further emails from being stored in snippets.db. The file causes encrypted emails to become unencrypted, making them more susceptible to being breached by hackers and exploiters. Apple has not specified exactly when a bug patch will arrive in a future macOS Catalina update, but it is best for Mac users to take action and secure their email accounts right away.
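A quick way to check whether a given Mac is in the affected state, written as an added example for this article (it is not code from the researcher or from Apple). The function names are hypothetical, the script assumes the status text printed by the macOS `fdesetup status` command, and it searches by file name because the article gives only the name snippets.db, not its location.

```shell
#!/bin/sh
# Added example: exposure check for the snippets.db issue described above.
# Function names are hypothetical; nothing here comes from Apple or the researcher.

# Classify the text printed by `fdesetup status` (e.g. "FileVault is On.").
filevault_state() {
    case "$1" in
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# List every file named snippets.db below the given directory.
# Unreadable subdirectories are skipped instead of aborting the search.
find_snippet_dbs() {
    find "$1" -type f -name 'snippets.db' 2>/dev/null || true
}

# Combine both checks into one verdict.
# $1 = directory to search (normally the user's home)
# $2 = output of `fdesetup status`
assess_exposure() {
    state=$(filevault_state "$2")
    dbs=$(find_snippet_dbs "$1")
    if [ -z "$dbs" ]; then
        echo "no-snippets-db"            # nothing stored by Siri suggestions
    elif [ "$state" = "on" ]; then
        echo "present-filevault-on"      # file exists, disk is encrypted at rest
    elif [ "$state" = "off" ]; then
        echo "present-at-risk"           # file exists on an unencrypted disk
    else
        echo "present-filevault-unknown" # file exists, FileVault state not readable
    fi
}

# On a Mac, run the check against the current user's home directory.
if command -v fdesetup >/dev/null 2>&1; then
    assess_exposure "$HOME" "$(fdesetup status 2>/dev/null)"
fi
```

A result of `present-at-risk` is the case the article describes: turn on FileVault and disable Learn from this App for Mail.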