Apple fixes a vulnerability in MacOS, which contains unencrypted snapshots of encrypted messages
Apple fixes a vulnerability in MacOS, which contains unencrypted snapshots of encrypted messages


According to security researcher (Bob Gendler), Apple released version 10.15.3 of the macOS Catalina operating system last week, which identified a vulnerability that allowed hackers to read portions of the encrypted email as it was. Not encoded in the same way.

Gendler discovered the vulnerability in July last year, especially a few months after Apple failed to solve it. Apple was explicitly informed of this.

When Gendler published an article announcing the vulnerability, Verge website indicated Apple's message that the vulnerability should be addressed in a future update. The fix is ​​currently being published in about 3 months. The vulnerability could affect a small number of users because snapshots of unencrypted email were found in the database file. According to Siri's recommendations, these shots are hard to find, and this can only be seen in very specific situations.

Note that Apple did not mention the fix in the macOS 10.15.3 update instructions, but the beta version of the update says that hackers will not see snapshots of emails: The company has changed the Apple Mail index. This is how the service encrypts messages. To avoid the gaps, as Gendler found.



Post a Comment

Previous Post Next Post