• Your favorite








    , and
  • Newly-discovered OS X Yosemite SpotLight Bug Puts Users' Private Data at Risk

    Another day, it seems, another bug in Apple's software that has been discovered.

    A new bug has been discovered in the SpotLight search feature of Apple's latest OS X Yosemite operating system for Mac computers that could put the users' private information at risk simply by using the feature and obtaining search results from indexed files on the user's system.

    According to the German news site Heise, which was the first to report on this issue, OS X Yosemite has a bug that forces SpotLight to display image previews of images that are embedded in HTML e-mails in Apple's stock Mail application. Often times, companies will use what are called "tracking pixels" to harvest information about those who open the e-mail and view the image, and this is where the problem lies.

    Since these tracking pixels can obtain information about the person that opened the image and then send it back to the sender of the original image, SpotLight puts the user's IP address, as well as other personal information, at risk of being seen and used by spammers that send these tracking pixels to the masses via e-mail.

    SpotLight offers an option for disabling the loading of remote content from e-mail messages, but the bug makes it so that even when this option is turned off by the user, SpotLight continues to load the images anyway. Therein lies the problem; not only is the user's information put at risk, but the user has no way to protect themselves from the indexed files inside of e-mails sent by these information harvesters without completely disabling the showing of e-mail content from SpotLight completely.

    Hopefully, a future update for OS X Yosemite will rectify this issue and re-secure users' valuable private information to keep them safe from attacks and malicious e-mails.

    Sources: Heise via MacRumors
    This article was originally published in forum thread: Newly-discovered OS X Yosemite SpotLight Bug Puts Users' Private Data at Risk started by Anthony Bouchard View original post