Yosemite’s Spotlight glitch could reveal your details to online spammers


Spotlight Search could also shine a light on your personal details. Photo: Jim Merithew/Cult of Mac

Apple is normally pretty hot on security, but a new glitch discovered in OS X Yosemite’s search threatens to expose the private details of Apple Mail users, including IP addresses and more, to online spammers and phishers.

The privacy risk occurs when people use Spotlight Search, which also indexes emails received with the Apple Mail email client. When performing searches on a Mac, Spotlight shows previews of emails and automatically loads external images in the HTML email.

So why is this dangerous?

Loading external files can be damaging because it reveals private information to email senders. For example, in some instances senders include tracking pixels linked with images, capable of sending information back to the sender when that image is loaded by a user. The information can help email marketers gather data on recipients.

The automatic loading in Spotlight takes place even when users have switched off the “load remote content in messages” feature, provided by Apple to let users stop email senders knowing if an email has arrived and been opened.

To add insult to injury, Spotlight additionally loads those files when it shows previews of unopened emails that landed directly in the junk folder.

Until Apple issues a fix, the only workaround to this problem is to completely disable Spotlight from searching Mail and Messages. This can be done in your Mac’s System Preferences.

Source: Heise