Date: 2019-11-11

ENCRYPTED EMAIL SHOULD be fairly easy to understand: top-secret information sent in a message should only be readable by the sender and recipient. Apparently Apple didn't get the (possibly encrypted) memo, because it seems extracts of encrypted emails are stored on Macs in a form that is readable without a key.

The bug was uncovered by IT specialist Bob Gendler, who outlined it in a Medium post. In short, information from Apple apps including Mail is stored in a database in macOS with the intention of helping Siri learn more about the Mac's owner. One such file - snippets.db - stores unencrypted text from outgoing emails that were supposed to be encrypted.

As The Verge explains, this is a pretty limited attack window for a hacker. You'd have to be using Apple Mail on macOS without FileVault, and the hacker would need to know exactly where to look on your system with direct access. Even then, Apple says, only "portions" of emails are stored. All the same, if you're sending encrypted emails, it's pretty alarming to find out that they exist anywhere unencrypted.

Gendler says he shared his findings with Apple back in July, and the company acknowledged the issue pretty quickly. Yet it has still not been fixed. The company told The Verge that it will be fixed in a future software update, which doesn't suggest a great deal of urgency.

If you don't want to wait for Apple to fix the problem, you can prevent Siri from learning from Mail. To do this, dip into System Preferences > Siri > Siri Suggestions & Privacy > Mail, and then toggle off "Learn from this App." Note this will only prevent new emails being stored, so if you want to rid the world of evidence of past emails, you'll have to delete snippets.db too.
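For admins who want to check a Mac against the two conditions described above (FileVault off, a snippets.db present), here is an added audit sketch that is not from Gendler's post or from Apple. It assumes the file can be found by name under `$HOME/Library`, since the article does not give its path, and it never opens the file.

```sh
#!/bin/sh
# Added example: audit for the exposure the article describes.
# Assumption: snippets.db is located by filename under a search root;
# the article does not state where the file lives.

# Classify the text printed by `fdesetup status` (passed as $1).
filevault_state() {
    case "$1" in
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# List every snippets.db under root $1. Only names are printed;
# the database contents are never read.
find_snippets() {
    find "$1" -type f -name snippets.db 2>/dev/null || true
}

# Verdict from FileVault state ($1) and search root ($2):
#   clean               no snippets.db found
#   filevault-protected file exists, disk is encrypted at rest
#   exposed             file exists and FileVault is off or unknown
audit() {
    hits=$(find_snippets "$2")
    if [ -z "$hits" ]; then
        echo clean
    elif [ "$1" = on ]; then
        echo filevault-protected
    else
        echo exposed   # an unknown state is treated as the worst case
    fi
}

# Live check: runs only where fdesetup exists, i.e. on macOS.
if command -v fdesetup >/dev/null 2>&1; then
    state=$(filevault_state "$(fdesetup status 2>/dev/null)")
    echo "FileVault: $state"
    find_snippets "$HOME/Library"
    echo "Verdict: $(audit "$state" "$HOME/Library")"
fi
```

A verdict of `exposed` means both conditions from the article hold on that machine; turning off "Learn from this App" and deleting the listed file are the steps the article gives.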

Although it's a pretty minor weakness in the greater scheme of things, it's surprising that Apple wouldn't have addressed it within the 100 days Gendler gave the company. After all, it's got to be less expensive than taking out a 150-foot advert bragging about your privacy credentials. Sometimes it's easier to talk the talk, and assume others won't notice you're not walking the walk. µ