News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • macOS Vulnerability Leaves Text of Some Encrypted Emails Readable

    Posted on Nathan Parker Comment on the AskWoody Lounge

    Home Forums AskWoody support Non-Windows operating systems macOS macOS Vulnerability Leaves Text of Some Encrypted Emails Readable

    This topic contains 5 replies, has 3 voices, and was last updated by  Nathan Parker 1 month ago.

    • Author
      Posts
    • #2002471 Reply

      Nathan Parker
      AskWoody_MVP

      There’s a macOS vulnerability that stores the text of some encrypted emails in an unencrypted format. Apple will be fixing it in a future macOS update. It seems to at least affect Mojave and Catalina. Not sure about other macOS versions.

      Nathan Parker

      1 user thanked author for this post.
    • #2002542 Reply

      mn–
      AskWoody Lounger

      I’d note, this issue affects Apple Mail and S/MIME encryption.

      With a quick browse-through, I didn’t find any mention of other applications so remains to be seen if Outlook on Mac or Thunderbird is affected, and neither was there any mention of other encryption methods. (PGP… hm, I note that the usual OpenPGP component for Apple Mail is no longer free… Office 365 Message Encryption in Outlook for Mac?)

      Since the vulnerability is in capturing displayed text for feeding to Siri, it’s conceivable that they might be affected… or might not.

      1 user thanked author for this post.
    • #2002550 Reply

      Alex5723
      AskWoody Plus

      There’s a macOS vulnerability that stores the text of some encrypted emails in an unencrypted format. Apple will be fixing it in a future macOS update. It seems to at least affect Mojave and Catalina. Not sure about other macOS versions.

      This only effects data saved on the MAC and requires hacking into the MAC to get the unencrypted data.

      2 users thanked author for this post.
    • #2003033 Reply

      Nathan Parker
      AskWoody_MVP

      It is correct this only affects data saved on the Mac, and it is a S/MIME issue. I believe it is only for macOS Mail, not third-party clients.

      Nathan Parker

      • #2003176 Reply

        mn–
        AskWoody Lounger

        Actually this one looks more like it’d be a Siri issue, not S/MIME. It’s a natural requirement that S/MIME needs to be decrypted for you to be able to understand it, therefore it’s displayed on screen in decrypted text format.

        Siri can access that decrypted form. And if the decryption key isn’t available, Siri can’t get at that data.

        I checked, Siri only works with Apple’s Mail, so third-party mail applications aren’t affected… but didn’t have Catalina on the Mac I used for testing, so does that still hold?

        Also, anyone have PKCS#11 support working in Apple Mail? Would be interesting to see if that variant of S/MIME is similarly affected…

        This only effects data saved on the MAC and requires hacking into the MAC to get the unencrypted data.

        Exactly.

        1 user thanked author for this post.
    • #2003747 Reply

      Nathan Parker
      AskWoody_MVP

      The more I dig into it, it does seem to be more a Siri issue. I don’t believe third party clients are affected even in Catalina.

      Nathan Parker

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: macOS Vulnerability Leaves Text of Some Encrypted Emails Readable

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.