Technology: Apple will fix macOS flaw exposing portions of encrypted emails - - PressFrom - US
  •   
  •   
  •   

Technology Apple will fix macOS flaw exposing portions of encrypted emails

22:55  08 november  2019
22:55  08 november  2019 Source:   engadget.com

Apple confirms iOS 13 Reminders will be fixed with macOS Catalina rollout

  Apple confirms iOS 13 Reminders will be fixed with macOS Catalina rollout iOS 13 came out a couple of weeks ago, but one thing you may have noticed is that Reminders no longer sync with Macs. Apple has confirmed that Reminders will not sync until the release of the newest version of macOS. The new version of Reminders for iPhone impressed us with its improvements in iOS 13.1. However, to sync Reminders between an iPhone and a Mac requires macOS 10.15, a.k.a. Catalina, which isn't due to release until the coming weeks. "Upgraded reminders aren't compatible with earlier versions of iOS and macOS," Apple says on its support site.

Apple is touting its claimed privacy advantage more than ever, but that's not entirely true for Mac users at the moment. The company tells Engadget it will fix a macOS flaw that leaves portions of encrypted Mail messages unprotected. Bob Gentler has discovered that a database file used by Siri (snippets.db) was storing text from emails that were otherwise supposed to be protected -- even if you remove the private key that prevents you from reading the app in Mail. While it's not the full message, it could still pose problems if a hacker has access to your system and is trawling for sensitive info.

a laptop computer sitting on top of a wooden cutting board

The vulnerability exists in at least the last four versions of macOS, ranging from Sierra to Catalina.

GoPro's Hero8 Black Is Boring—and That's What Makes It Great

  GoPro's Hero8 Black Is Boring—and That's What Makes It Great No single upgrade in GoPro’s new flagship camera will surprise you. There is no “new killer feature” that sets it apart from either the competition or last year’s Hero7 Black. It doesn’t even have a built-in selfie screen (although you can buy one as a new add-on “mod.”) And yet, somehow, the Hero8 Black is the GoPro I’ve been waiting to see for years without realizing it.

This isn't as glaring a flaw as it sounds. To be vulnerable, you'd have to use Mail, send encrypted messages from Mail and leave FileVault's whole-drive encryption turned off. If you rely on a third-party email client or use FileVault, you're not affected. You can also remove Mail from snippets.db by going to System Preferences > Siri > Siri Suggestions & Privacy > Mail and switching off the "learn from this app" option. It's not clear when the patch will be ready, but you won't have to stay exposed in the meantime.

Nonetheless, this isn't what you'd call confidence-inspiring. Gendler noted that he reported the issue on July 29th, and that Apple didn't respond with a solution until November 5th. That's a long time to leave email content exposed, even if the likelihood of an attack is slim in practice. It suggests that Apple still has room to speed up its responses to vulnerabilities.

Bob Gendler (Medium), The Verge

World’s greatest snow machines – US edition .
Join us as we explore the biggest, baddest and maddest snow machines ever created

—   Share news in the SOC. Networks

Topical videos:

usr: 1
This is interesting!