Reminder: macOS still leaks secrets stored on encrypted drives

Reminder: macOS still leaks secrets stored on encrypted drives

7 years ago
Anonymous $cyhBy-qkd5

https://arstechnica.com/information-technology/2018/06/reminder-macos-still-leaks-secrets-stored-on-encrypted-drives/

Unbeknownst to many people, a macOS feature that caches thumbnail images of files can leak highly sensitive data stored on password-protected drives and encrypted volumes, security experts said Monday.

The automatically generated caches can be viewed only by someone who has physical access to a Mac or infects the Mac with malware, and the behavior has existed on Macs for almost a decade. Still, the caching is triggered with minimal user interaction and causes there to be a permanent record of files even after the original file is deleted or the USB drive or encrypted volume that stored the data is disconnected from the Mac. Patrick Wardle and Wojciech Reguła, who are macOS security experts at Digita Security and SecuRing, respectively, said for many people, it’s unnecessarily risky to store snapshots of files related to passwords or other sensitive matters in an unprotected folder. In a blog post published Monday, they wrote: