Sometimes first-round launches of software reveal vulnerabilities not taken into account during the development process. If you have a Mac device and have upgraded to OS X Yosemite, you might be at risk of your IP address being exposed. As Data Privacy Day nears on January 28th, many of you are looking for a way to secure your information and protect yourselves, and education about cyber crimes and your options are at the forefront of this cyber war.
While the Yosemite bug does not have an official fix performed by apple developers yet, we uncovered an alternative for the Yosemite vulnerability, and we’ve brought it to you for peace of mind.
The Yosemite vulnerability is caused by a new Spotlight bug that targets the user’s privacy settings, reportedly by a backdoor in Apple Mail specifically designed for spammers, advertisers and phishers. As you know, Spotlight was the search mechanism introduced into Apple’s software, starting with the iPad 2 Retina Display and the applicable Mac product at the time. Using it allows the user to search for anything on the device, it’s software, it’s settings or online depending on the search topic.
However, Spotlight was discovered to not only search for useful items on the device; it also emits the users privacy setting information current installed operating system and devouges the user’s browsing activity. Under the new spotlight update, the user has the option to check a box that will block third party content, however, the bug continues the connection even after the user has checked the option.
Without fixing the issue, advertisers and spammers who use the “tracking pixels” technique to communicate email addresses and system information to servers, will have access to the user’s private information in settings.
Who does this affect?
The bug does not compromise every Apple user; only a specific niche of Apple users. If you have an Apple product such as an iPad, a Mac or an iPod, and you take advantage of the spotlight feature to search for items on your device, and you also use Apple Mail products, then you are at risk for having your confidential information exposed to third-party advertisers. There is no security check from the server or the device to prevent unsolicited emails or advertisements from these sources.
Here’s how to fix the bug.
Apple Mail users can bypass the bug by removing “Mail” and all it’s services from their Spotlight Search. By entering “System Preferences” and then opening “Spotlight”, you can eliminate Mail services from the search function by un-checking the “Mail and Messages” checkbox.
If you’d rather avoid the issue entirely, you can migrate to other apps including Dropbox Mailbox, Google Sparrow or Mindscene Mail Pilot.
These are the only two current ways to protect yourself from the Apple vulnerability. Currently, you cannot use Apple Mail and Spotlight together without being affected by this bug.