According to Apple, there is a bug in email encryption under macOS 10.15 Catalina. The company plans to fix this in a later update.
According to a new report from The Verge, a vulnerability in Apple's Mail application was discovered by IT specialist Bob Gendler. Gendler made the discovery while investigating Siri under macOS. According to the report, a special file would save the contents of emails that should actually be encrypted. Even after removing a private key, the content was still readable. The problem is said to exist not only in macOS Catalina but also in Mojave, High Sierra and Sierra. In The Verge report is it [called:
"Apple tells The Verge it's aware of the issue and said it will be addressed in a future software update. The company also said it only stores parts of emails. But the fact that Apple still somehow leaves parts of encrypted emails exposed when they're explicitly meant to be encrypted is obviously not good."
The investigation also revealed that not all users of the aforementioned operating systems are affected by this issue. However, according to Apple, there is a temporary workaround. The company explained to The Verge how to protect new emails from the bug. Users can open the "Siri" section via System Preferences and then navigate to the "Siri & Privacy" section. Now, select the "Mail" tab in the submenu and deactivate the "Learn from this app" option. As mentioned above, it is unclear how many people are actually affected. Gendler writes:
“It raises the question of what else is being tracked and possibly improperly stored without you realizing it.”
It remains unclear which update will ultimately fix the bug. However, it can be assumed that Apple will act as quickly as possible. (Photo by Somchai Choosiri / Bigstockphoto)
