Bob Gendler:

The main thing I discovered was that the snippets.db database file in the Suggestions folder stored my emails. And on top of that, I found that it stored my S/MIME encrypted emails completely UNENCRYPTED. Even with Siri disabled on the Mac, it still stores unencrypted messages in this database! […]

[…] This completely defeats the purpose of utilizing and sending an encrypted email. […]

Another database, entities.db, stores records of people’s names, email, and phone numbers you’ve corresponded with. Although the phone number may not be in your contact list, data from emails such as signature blocks and forward information are stored. It’s like an address book built for you. This could be touchy, as it may allow quick and easy access to some potentially sensitive information.

Bob mentions a few fixes you should definitely check out if you’re using encrypted email.

It’s been 100 days since I’ve alerted Apple, we’ve seen a security update to macOS Sierra 10.12, security updates to macOS High Sierra 10.13, Supplemental Updates to macOS Mojave 10.14, a security update to macOS Mojave 10.14, macOS Catalina 10.15.0 released, Supplemental Update to 10.15.0, and 10.15.1 release.

For a company that prides itself on security and privacy, the lack of attention to detail on an issue like this completely and totally surprises me.

Sadly, I am still not surprised that they react selectively to security issues. This problem hasn’t been fixed in years and it appears that not much has changed.