More On the MacOS Email Security Flaw - ThreatWire Crosspost (Patreon)

By Shannon Morse, ThreatWire 

Support me on alternative platforms! https://snubsie.com/support

https://www.youtube.com/shannonmorse --  subscribe to my new channel!

ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire 

An Apple IT specialist recently discovered a problem with MacOS computers that stores emails that are supposed to be stored with S/MIME-encryption to be stored in readable text within the operating system. Bob Gendler found this flaw when he was exploring how Siri and MacOS make suggestions for information and contact data that is sent to a user. He found a folder of data deep within the system, which was used for storing database files, some of which had data about Apple Mail and other applications used to improve Siri and OS suggestions. One of these database files stored his email unencrypted, even though emails are supposed to be encrypted with S/MIME. Secure Multipurpose Internet Mail Extensions is generally used as a protocol for sending digitally signed and encrypted messages - like email. Gendler found that while Siri was disabled, this data was still stored.

Gendler informed Apple on July 29, and the problem has still not been fixed. Affected users would need to be using MacOS with Apple Mail, sending encrypted messages without FileVault turned on. While the affected users may not notice or worry since the plaintext messages are stored locally, this could be an issue if traveling abroad or for developers or employees and contractors for governments or corporations who have access to trade secrets or proprietary data.

This affects MacOS versions from Sierra to Catalina. If you’re worried about unencrypted email being stored on your machine, go to System Preferences — Siri — Siri Suggestions and Privacy, then uncheck Apple Mail. This can also be disabled via a terminal command, or via a new configuration profile which disables Siri’s ability to learn from Apple mail. Only the third option permanently disables email scraping, even after an OS update. Users can find this file within the Users/username/Library/Suggestions directory. And also, turning on FileVault encrypts everything on your machine.

According to Apple, a fix will be deployed in a future patch and only portions of emails are stored. But those are still portions of what should be encrypted messages. 

MacOS Email:

https://medium.com/@boberito/apple-mail-stores-encrypted-emails-in-plain-text-database-fix-included-3c2369ce26d4

https://threatpost.com/encrypted-emails-on-macos-found-stored-in-unprotected-way/150065/

Disable email storage: https://www.zdnet.com/article/apple-mail-on-macos-leaves-parts-of-encrypted-emails-in-plaintext/

https://www.cyberscoop.com/apple-mail-vulnerability-encryption-macos/

https://www.theverge.com/2019/11/8/20954130/apple-mail-encrypted-unencrypted-email-macos-siri-text