A glitch in Apple’s OS X Spotlight can potentially expose sensitive details of Apple Mail users, including IP addresses and more to spammers, phishers, and other online tracing companies.
When searching with Spotlight in OS X, Apple indexes emails received with the Apple Mail client; however, when performing the searches, Spotlight shows previews of the emails and automatically loads external images in the HTML email. There is a setting in the Mail application that when switched off, prevents the loading of remote content in messages. Unfortunately, there currently is a glitch with Spotlight that still loads the files even with the setting switch off.
The Spotlight preview loads those files even when users have switched off the “load remote content in messages” option in the Mail app, a feature often disabled to prevent email senders from knowing if an email has arrived and if it has been opened. What’s more, Spotlight also loads those files when it shows previews of unopened emails that landed directly in the junk folder.
Loading external files can reveal private information to the email senders. For instance, some senders include tracking pixels linked with images that can send information back to the sender when the image is loaded. The information sent can sometime help email marketers to gather data the receivers.
Currently, the only way to work around this issue is to disable Spotlight from searching Mail and Messages in System Preferences.
Leave a Reply