“A bug in macOS can expose the contents of a user’s files — including document text and photo thumbnails — even if the drive is encrypted,” Zack Whittaker reports for ZDNet.
“Security researcher Wojciech Regula found that the ‘Quick Look’ feature in macOS, which takes a snapshot of a file’s contents and the full file path without the user having to open each file, stores that snapshot data in an unprotected location on the computer’s hard drive,” Whittaker reports. “Regula, a security specialist, wrote up details about the macOS data leak issue earlier this month. ‘It means that all photos that you have previewed … are stored in that directory as a miniature and its path,’ Regula wrote. They stay there even if you delete the files, he said.”
“The issue is known to forensic experts, said Regula, and was written about back in 2010,” Whittaker reports. “But Apple has not fixed the apparent data leak issue, even in the most recent version of macOS.”
Read more in the full article here.
MacDailyNews Take: Obviously, Apple should not generate a preview if the file is on an encrypted drive.
Objective-See’s Patrick Wardle explains how to purge your Mac’s Quick Look cache via s simple Terminal command here.