macOS Vulnerability Exposes Files on Encrypted Drives
A vulnerability in macOS exposes part of the content stored on encrypted drives, and security researchers say the bug has been known for at least several years.
The Quick Look feature bundled into Apple’s desktop operating system is the culprit, as it generates previews that are then stored on unencrypted drives, regardless of the original location of the file. This means that when Quick Look is triggered, the feature generates a preview of each file, even if from an encrypted drive, and then stores it in a non-encrypted location.
The preview partially exposes the content of the file and can be then accessed by malicious actors to read this information, researches have shown.
Quick Look is a feature that makes it possible for macOS users to quickly preview each file by pressing the space bar. The operating system then opens a pop-up that’s essentially a thumbnail with the essential info, and this image is then stored in a folder at the following path:[TERMINAL]$… (read more)