A recently discovered vulnerability in the macOS Mail app caused by Siri that currently affects Catalina and the previous three releases means that users’ encrypted emails actually aren’t. While Apple is working on a fix for the bug, read on for more details about the issue and a couple of workarounds to solve the problem now.

Reported by The Verge, Apple IT specialist Bob Gendler discovered the vulnerability over three months ago and reported it to Apple on July 29th. After quite the wait, Gendler heard back from Apple this week with a solution. It will be included it in a future update. He shared more about his findings in a Medium post this week.

Gendler discovered the macOS Mail app encryption bug affects Catalina, Mojave, High Sierra, and Sierra users. Last year we saw a vulnerability in the HTML rendering of the iOS and macOS Mail apps that also made the app’s standard encrypted emails able to be seen in plaintext. This new bug has to do with Siri analyzing emails and leaving an unencrypted version available to access.

Siri suggest information to users, he found macOS database files that store information from Mail and other apps which are then used by Siri to better suggest information to users. That isn’t too shocking in and of itself — it makes sense that Apple needs to reference and learn from some of your information to provide you better Siri suggestions.

But Gendler discovered that one of those files, snippets.db, was storing the unencrypted text of emails that were supposed to be encrypted. Here’s an image he shared that’s helpful to explain what’s going on:

macOS encrypted email vulnerability

How to make sure your emails on macOS are encrypted

While Apple works on a fix for this bug, there are two ways to make sure your emails remain encrypted.

Option 1:

  • Turn on FileVault via System Preferences > Security & Privacy > FileVault

Option 2:

  • If you prefer not to turn on FileVault, you can turn off Siri from analyzing your email
  • Head to System Preferences > Siri > Siri Suggestions & Privacy
  • Click Mail and then uncheck Learn from this App

FTC: We use income earning auto affiliate links. More.

OWC USB-C Dock deal

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Michael Potuck

Michael is an editor for 9to5Mac. Since joining in 2016 he has written more than 3,000 articles including breaking news, reviews, and detailed comparisons and tutorials.