According to a report by The Verge, Apple is aware of an issue that lets some of the text from encrypted emails sent through the Mail app on macOS, be read as if they were unencrypted. The iPhone maker has told the publication that it will be addressing the bug in a future software update.
The vulnerability, however, only affects those macOS users who use the Mail app to send encrypted emails and are not using the FileVault to encrypt their entire system already. Having allegedly known about this issue for months without offering a fix, Apple now says that only portions of emails are stored unencrypted.
The bug was first shared by Bob Gendler, an Apple-focused IT specialist, in a Medium blog published on Wednesday. Gendler says he tested the four most recent macOS releases and could read encrypted email text on all of them.
Gendler first reported the issue to Apple on July 29th, and he says he didn’t get a response with a solution from the company until November 5th — 99 days later — despite repeated follow-ups. And even though Apple has updated each of the four versions of macOS where Gendler spotted the vulnerability in the months since he reported it, none of those updates contained a fix for the issue.
As a temporary measure, Apple suggest that if you want to avoid these unencrypted snippets potentially being read by other apps, you can stop giving apps full disk access in macOS Catalina.