MacOS QuickLook Feature Leaks Data Despite Encryption

1 Min Read

Specialists are advising macOS clients that not all the information they store on their encoded hard drive is secured. In a recent report, Apple security expert Patrick Wardle uncovered that a macOS feature called QuickLook stores unprotected previews of pictures and other types of files.

“Apple states that: ‘we believe privacy is a fundamental human right….[and] every Apple product is designed from the ground up to protect that.’ …unfortunately marketing claims and reality are sometimes at odds,” said Wardle, chief research officer at Digita Security.

The analysts are working on the examination of Wojciech Reguła, who initially announced the problematic issue early this month. Both Reguła and Wardle portrayed why the information was being put away unprotected and offered a solution for deleting it

Reguła concluded that each of those preview images are containing data directory path which resides in an unencrypted local directory.

“It means that all photos that you have previewed using space (or Quicklook cached them independently) are stored in that directory as a miniature and its path. They stay there even if you delete these files or if you have previewed them in encrypted HDD or TrueCrypt/VeraCrypt container,” said Regula.

Share This Article
Leave a comment