MacOS “Quick Look” Exists Bug that leaks Encrypted Data

Earlier this month, security researcher, Wojciech Regula announced the security flaw in the macOS “Quick Look” feature that has existed for a long time. In short, the macOS “Quick Look” feature may expose sensitive user files such as photo thumbnails and document text, even on encrypted disks. macOS “Quick Look” is one of the functions of the Finder file browser. When the user selects a photo or document, pressing the space bar can zoom in or preview the material for quick viewing.

Image: wojciechregula

To provide this preview feature, Quick Look creates an unencrypted thumbnail database and saves a thumbnail of the file. These thumbnails give previews on content on encrypted disks. Technicians can especially access these thumbnails. MacOS also does not have automatic cache removal of thumbnails.

This security issue has been on macOS for at least eight years, and Apple has not resolved it. In the latest macOS version, this problem still exists, but most Mac users do not understand. This security issue is helpful for law enforcement investigations, but most users are not satisfied when they learn that their Mac records document paths and thumbnails on each storage device.

Source: thehackernews