OS X Spotlight Glitch Exposes IP Addresses and Other System Details to SpammersA privacy glitch in Spotlight search for OS X may leak private details, including IP addresses, to email spammers. The flaw was first reported by German tech news site
Heise and replicated in tests performed by
IDG News Service.
The issue affects OS X mail users who have followed conventional security recommendations to turn off the "load remote content in messages" option in the Mail app. This setting prevents the loading of remote content such as images, including "tracking pixels" that are used by spammers to harvest information when people open an email.
A glitch arises when OS X Mail users utilize Spotlight search in OS X, which includes emails in the search results. Spotlight ignores the remote content block preference from Mail and loads the remote email files as part of the search process. Once Spotlight loads one of these tracking pixels, spammers can glean details such as the IP address, OS X version, browser details, and the version of Quick Look being used.
The Spotlight preview loads those files even when users have switched off the "load remote content in messages" option in the Mail app, a feature often disabled to prevent email senders from knowing if an email has arrived and if it has been opened. What's more, Spotlight also loads those files when it shows previews of unopened emails that landed directly in the junk folder.
Currently, the only way to block this information leak is to block Spotlight from including emails in search results entirely by opening System Preferences and unchecking the "Mail & Messages" option for Spotlight. Apple has yet to comment on this Spotlight privacy glitch.
Recent Mac and iOS Blog Stories •
California Judge Dismisses Notebook Logic Board Lawsuit Against Apple •
CES 2015: SVALT Launches Stylish Cooling Dock for Apple MacBooks •
Nest Teams Up With Automatic for Energy Saving Temperature Tweaks Based on Vehicle Activity •
Evernote Offering Automatic Document Scanning With New 'Scannable' iOS App •
CES 2015: ibattz Claims Upcoming Power Banks Will Fully Charge in 15 Minutes [Updated] •
Upcoming Plex Update to Add One-Click iTunes Library Import, New Music Features •
CES 2015: Kensington Announces 'KeyFolio Thin X3 Plus' Battery Case for iPad Air 2 •
August Launches 'Connect' Wi-Fi Bridge to Add Internet Connectivity to Popular Smart Lock<img width='1' height='1' src='
http://rss.feedsportal.com/c/35070/f/648327/s/4229665f/sc/4/mf.gif' border='0'/><br clear='all'/>
<a href="
http://da.feedsportal.com/r/216443639145/u/49/f/648327/c/35070/s/4229665f/sc/4/rc/1/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/216443639145/u/49/f/648327/c/35070/s/4229665f/sc/4/rc/1/rc.img" border="0"/>[/url]
<a href="
http://da.feedsportal.com/r/216443639145/u/49/f/648327/c/35070/s/4229665f/sc/4/rc/2/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/216443639145/u/49/f/648327/c/35070/s/4229665f/sc/4/rc/2/rc.img" border="0"/>[/url]
<a href="
http://da.feedsportal.com/r/216443639145/u/49/f/648327/c/35070/s/4229665f/sc/4/rc/3/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/216443639145/u/49/f/648327/c/35070/s/4229665f/sc/4/rc/3/rc.img" border="0"/>[/url]
<img src="http://da.feedsportal.com/r/216443639145/u/49/f/648327/c/35070/s/4229665f/sc/4/a2.img" border="0"/><img width="1" height="1" src="
http://pi.feedsportal.com/r/216443639145/u/49/f/648327/c/35070/s/4229665f/sc/4/a2t.img" border="0"/><div class="feedflare">
<img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img> <img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img> <img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img></div><img src="//feeds.feedburner.com/~r/MacRumors-Front/~4/sGG8DMN-Gi0" height="1" width="1" alt=""/>
Source:
OS X Spotlight Glitch Exposes IP Addresses and Other System Details to Spammers
