According to IT expert Bob Gendler, the macOS version of the Mail application has a vulnerability that leaves the text of some encrypted emails readable. According to Gendler, a macOS feature that provides contact suggestions uses the snippets.db database file to store encrypted email in an unencrypted format, even if Siri is disabled on the Mac.
Gendler reportedly first discovered the vulnerability on July 29 and reported it to Apple. Over the following few months, Apple said it was investigating the issue, but it still has not found a solution. The vulnerability persists in macOS Catalina and earlier versions of macOS. In response, Apple told The Verge that it is aware of the problem and will address it in a future software update.
In fact, the problem affects a limited number of people, and macOS users generally do not need to worry about it. It applies only to users who send encrypted mail using macOS and the Apple Mail application. It doesn’t affect those who have FileVault turned on, and anyone who wants to access this information needs to know where to look in Apple’s system files and needs actual access to the machine.
However, as Gendler pointed out, this particular vulnerability raises the question of what else is being tracked and potentially stored improperly without the user being aware of it.
Those who care about this issue can prevent data from being collected into the snippets.db database by opening System Preferences > Siri > Siri Suggestions & Privacy > Mail and toggling off “Learn from this App.” This will prevent new messages from being added to snippets.db, but it will not delete messages that are already stored there.