A bug in Apple Mac’s ‘Quick Look’ feature leaks encrypted data, researchers find

“A bug in macOS can expose the contents of a user’s files — including document text and photo thumbnails — even if the drive is encrypted,” Zack Whittaker reports for ZDNet.

“Security researcher Wojciech Regula found that the ‘Quick Look’ feature in macOS, which takes a snapshot of a file’s contents and the full file path without the user having to open each file, stores that snapshot data in an unprotected location on the computer’s hard drive,” Whittaker reports. “Regula, a security specialist, wrote up details about the macOS data leak issue earlier this month. ‘It means that all photos that you have previewed … are stored in that directory as a miniature and its path,’ Regula wrote. They stay there even if you delete the files, he said.”

“The issue is known to forensic experts, said Regula, and was written about back in 2010,” Whittaker reports. “But Apple has not fixed the apparent data leak issue, even in the most recent version of macOS.”

Read more in the full article here.

MacDailyNews Take: Obviously, Apple should not generate a preview if the file is on an encrypted drive.

Objective-See’s Patrick Wardle explains how to purge your Mac’s Quick Look cache via a simple Terminal command here.


  1. So, someone that has access to your hard drive with all of the files and all the full resolution images also has access to the paths to the files and the preview resolution version of the images. That’s pretty durn serious…not.

  2. This lapse is typical of Apple lately. They tout privacy and security but are no more transparent, or responsive, than anyone else when a potential exploit is reported. I feel strongly that Apple’s public-relations machine is more powerful than any public-service function that they feebly perform. Should they respond to any minor quibble by Tom, Dick, or Harry? Why, yes, they should. They may like to appear the sleek, chic, corporate machine, and they are, but Tom, Dick, and Harry are their customers. Apple has explicitly expressed a desire to retain them, so..

  3. Wow. Just love these self-righteous people who couldn’t find a software problem if one bit them, taking the holier than thou attitude. Yeah, this is a bug, but it has no real ramifications, and it’s so esoteric that even complaining about it is almost silly.

    1. Yeah, when describing a vector, if the description includes “if someone has access to the running system”, it automatically goes to the bottom of the pile. If someone has access to your running system without you around, you’ve got a LOT more than “someone can see tiny versions of files I’ve seen!” to worry about.
