Slashdot Mirror


Glitch In OS X Search Can Expose Private Details of Apple Mail Users

itwbennett (1594911) writes "The potential privacy risk in Apple's OS X Yosemite, first reported by German tech news site Heise and confirmed by IDG News Service, appears when people use the Spotlight Search feature, which also indexes emails received with the Apple Mail email client. Performing a Spotlight search opens email previews that load external images, including tracking pixels that are used to gather data, even when the Mail client is asked not to do this." From the article: A preview of the unopened emails was shown by Spotlight, which revealed to the operator of the server hosting the pixels the receiver’s IP address, current OS version and some details about the browser used as well as the version of Quick Look, a program that lets users preview a document.

1 of 49 comments

  1. Re:not really a bug just a behavior by bws111 · Score: 4, Interesting

    It IS worse. Whether or not to accept tracking cookies is up to me. Whether or not my email address gets confirmed as being active and in use is not up to me, because this search program is doing it.

    Furthermore, since the search program is following these links it obviously must be interpreting the returned data somehow. Is that interpreter known to be perfect, or is it possible someone could create some malicious content that could cause the interpreter to do something bad? Then, all they have to do is send you an email with a link to the content and the search will happily do whatever the malware wants.

    We constantly see comments on here about how stupid people are because they are tricked into following links to sites with malicious content. Here, we have a program doing that exact thing, without user control, and that behavior is being excused. Why?