Apple reportedly patches Catalina bug that showed unencrypted snippets of encrypted emails

The fix is apparently in macOS Catalina 10.15.3


Apple released macOS Catalina 10.15.3 last week, and the update apparently patched a bug that could let you read some text from encrypted emails as if they were unencrypted, according to IT specialist Bob Gendler. A longtime Mac fan, Gendler originally found the bug in July and privately disclosed it to Apple months before publicly writing about it last November, only after the company failed to fix the issue.

Apple told The Verge at the time of Gendler’s original post that it would be fixing the issue in a future software update. It seems as if the company has done just that, Gendler writes in a new post, but we’ve asked Apple to confirm that the latest version of Catalina does indeed squash the bug.

The bug likely only affected a small number of people, as the unencrypted email snippets were found in one hard-to-find macOS database file used for Siri Suggestions, and you could only see those email snippets under very specific circumstances. Those were, from our November article about the bug:

You need to be using macOS, Apple Mail, be sending encrypted emails from Apple Mail, not be using FileVault to encrypt your entire system already, and know exactly where in Apple’s system files to be looking for this information. If you were a hacker, you’d need access to those system files, too.

The fix isn’t mentioned in the public macOS 10.15.3 release notes, but release notes for betas of Catalina 10.15.3 say that encrypted emails now won’t appear in Spotlight searches at all, according to Gendler. That could mean that Apple has changed how it indexes encrypted emails from Apple Mail to prevent bugs like the one Gendler found.

In his own testing, Gendler saw the database file that used to take in encrypted emails would no longer do so. Gendler also said in his latest post that AppleCare Enterprise Support contacted him directly about the fix.

Even if this bug doesn’t apply to you, though, you should still update your Mac so that it has the latest bug fixes from Apple.