I've never used it, my wife and I are the only ones that have access to our machines. They contain nothing of use to anyone. If someone wants to access 1000s of boring photos of our trips to Chester Zoo, the sad buggers are welcome to them.

Not everyone needs it. I am sure to those that do more with their machines it is crucial and a very helpful added feature.

You understand FileVault is completely transparent once enabled, right? There's nothing "to use". If your machine ever got stolen, you'd be protected. Yes, there's a lot more on there than boring old photos.

One minute of your life is not worth the risks, I say. Turn it on.
 
Who doesn't have FileVault turned on???
Dude, even if FileVault is disabled, systems with the T2 chip will encrypt all volumes, but protected only by the hardware UID (absent the combo of user password and hardware UID).

"If FileVault isn’t enabled on a Mac with the T2 chip during the initial Setup Assistant process, the volume is still encrypted, but the volume key is protected only by the hardware UID in the Secure Enclave. If FileVault is enabled later—a process that is immediate since the data was already encrypted—an anti-replay mechanism prevents the old key (based on hardware UID only) from being used to decrypt the volume. The volume is then protected by a combination of the user password with the hardware UID as previously described." [Apple T2 Security Chip Overview]

Live and learn, and pray that the T2 chip does not crap out.
 
[...even if FileVault is disabled, systems with the T2 chip will encrypt all volumes... pray that the T2 chip does not crap out.]

The T2 chip is physical ransomware
 
This is overblown. S/MIME = HTTPS for e-mail. Encrypted webpages are cached and indexed all the time.

Bob Gendler is acting like S/MIME is some super-high security protocol where it isn't. It doesn't protect "Secret or top-secret information".
The point is if you do something do it properly. What else is overblown by your definition? It is just bad attitude to have period.
I first wanted to agree, but konqerror is actually right. S/MIME is used to protect the mail in transit and on the server (!), much like PGP. Once the message has arrived it may as well be stored unencrypted within the mail client/OS, or at least that's the point at which S/MIME is no longer supposed to protect confidentiality.
Anyone with even a low level of security requirement has drive encryption on these days.
If you don't have drive encryption, you generally risk stuff being indexed in the search database or ending up in some temp folder unencrypted. That's exactly what happened here...
Even with Apple Mail not indexing the mails, if the user opens an attachment from an email, or worse, drags it to the desktop, it will get indexed and it will lose its S/MIME encryption. That's why S/MIME is only good protection until the mail arrives at its destination. Beyond that, drive encryption or some similar technology needs to take over.
 
Will enabling FileVault on a MacBook Pro SSD have any performance hit?

I thought having a T2 chip did encryption?
 
Live and learn, and pray that the T2 chip does not crap out.

The T2 incorporates the SSD controller, so it works exactly like any high-end discrete SSD, or even mechanical SED drive, in that aspect.

Take a Crucial MX500, Samsung 970, or those portable hard drives with hardware encryption. The drive controller encrypts all written data with an internal key always. If you do a secure erase, the internal key is wiped. When encryption is enabled, through OPAL or the vendor app, the internal key is encrypted by a key the TPM or user knows.

If the controller craps out, your data is unrecoverable in any case.
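To make concrete what the two posts above describe (the volume key protected by the hardware UID alone until FileVault is enabled, the re-wrap being immediate because the data was already encrypted, the anti-replay step, and why a dead controller or a secure erase leaves the flash unreadable), here is a small model in Python. It is an added example, not code from any poster, from Apple or from any drive vendor, and everything in it is an assumption made for illustration: the Secure Enclave's key derivation is reduced to an HMAC over the UID, a generation counter stands in for Apple's anti-replay mechanism, HMAC-SHA256 in counter mode stands in for the controller's AES-XTS engine, and the volume contents are constructed sample bytes.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for the controller's AES-XTS engine."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def wrap_key(kek: bytes, key: bytes) -> bytes:
    """Authenticated wrap: nonce || E_kek(key) || MAC, so a wrong KEK is detected."""
    nonce = secrets.token_bytes(16)
    ct = keystream_xor(kek, nonce, key)
    return nonce + ct + hmac.new(kek, b"wrap" + nonce + ct, hashlib.sha256).digest()

def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, b"wrap" + nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("wrong KEK or stale wrapper")
    return keystream_xor(kek, nonce, ct)

class SecureEnclave:
    """Holds the hardware UID; only keys derived from it ever leave (a model of the SEP)."""
    def __init__(self) -> None:
        self._uid = secrets.token_bytes(32)
        self.generation = 0  # monotonic counter modelling the anti-replay state (assumption)

    def kek(self, password: Optional[bytes]) -> bytes:
        # Real SEP: slow, hardware-tangled derivation. Simplified here to HMAC(UID, label||gen||pw).
        material = b"kek" + self.generation.to_bytes(4, "big") + (password or b"")
        return hmac.new(self._uid, material, hashlib.sha256).digest()

class Drive:
    """SSD whose controller always encrypts flash with a volume key (DEK)."""
    def __init__(self, sep: SecureEnclave) -> None:
        self.sep = sep
        self.cells: Dict[int, bytes] = {}  # LBA -> ciphertext as it sits in flash
        dek = secrets.token_bytes(32)      # generated once at manufacture, never stored in clear
        self.wrapped_dek: Optional[bytes] = wrap_key(sep.kek(None), dek)  # FileVault off: UID only
        self.filevault = False

    def unlock(self, password: Optional[bytes] = None) -> bytes:
        if self.wrapped_dek is None:
            raise PermissionError("volume key destroyed by secure erase")
        return unwrap_key(self.sep.kek(password if self.filevault else None), self.wrapped_dek)

    def write(self, dek: bytes, lba: int, plaintext: bytes) -> None:
        self.cells[lba] = keystream_xor(dek, lba.to_bytes(16, "big"), plaintext)

    def read(self, dek: bytes, lba: int) -> bytes:
        return keystream_xor(dek, lba.to_bytes(16, "big"), self.cells[lba])

    def enable_filevault(self, password: bytes) -> None:
        """Immediate: only the DEK wrapper changes; no flash cell is rewritten."""
        dek = self.unlock()
        self.sep.generation += 1  # anti-replay: the UID-only wrapper can no longer be opened
        self.wrapped_dek = wrap_key(self.sep.kek(password), dek)
        self.filevault = True

    def secure_erase(self) -> None:
        self.wrapped_dek = None  # flash still holds ciphertext that no key can open

def attempt(fn):
    """Return the bytes a step yields, or None if the controller refuses."""
    try:
        return fn()
    except PermissionError:
        return None

def demo(password: bytes = b"correct horse") -> Dict[str, object]:
    """Walk the scenarios from the thread; returns what each step yields."""
    sep = SecureEnclave()
    drive = Drive(sep)
    drive.write(drive.unlock(), 7, b"1000s of boring zoo photos")  # constructed data; no password yet
    flash_before = dict(drive.cells)
    stale_wrapper = drive.wrapped_dek  # suppose an attacker imaged this UID-only wrapper earlier
    drive.enable_filevault(password)
    out: Dict[str, object] = {
        "flash_rewritten": drive.cells != flash_before,
        "unlock_no_password": attempt(drive.unlock),
        "replay_stale_wrapper": attempt(lambda: unwrap_key(sep.kek(None), stale_wrapper)),
        "unlock_with_password": attempt(lambda: drive.read(drive.unlock(password), 7)),
    }
    drive.sep = SecureEnclave()  # T2/controller dies and is replaced: new UID, same flash
    out["after_controller_swap"] = attempt(lambda: drive.unlock(password))
    drive.secure_erase()
    out["after_secure_erase"] = attempt(drive.unlock)
    return out

if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:22} -> {result!r}")
```

Running it prints one line per scenario. The two things worth noticing are that the flash cells are byte-for-byte identical before and after enabling FileVault (which is why the switch is instant), and that every path other than the right password against the original enclave ends in a refusal rather than in garbage plaintext, which is what an authenticated key wrap buys you over a bare XOR of the key.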
 
Who doesn't have FileVault turned on???
Anyone that doesn't actually require it, which are the majority of people. Yeah, there's a difference between a need and a want. If it were required, then many other consumer devices which have had different OS with boot drive encryption would have enabled it by default. Apple doesn't even enable it by default because it increases the probability of incompatibility and/or overall introduction of anomalies which are caused by the method used for encrypting data. Apple merely suggests the user to enable it. There's a difference between a suggestion and a requirement. So, enable it if you want, most people don't fall under the stipulations of requiring it. But, deal with any issues which could potentially occur because of it.
Will enabling FileVault on a MacBook Pro SSD have any performance hit?

Slightly, as long as there are no other problems between storage access by programs, whether reading or writing data. Issues can arise, hence the T2 kernel panics that had plagued macOS for some time. There were fewer incidents whenever FV wasn't enabled on T2 equipped hardware.

I thought having a T2 chip did encryption?
It's drive controller encryption for bits read/written from/to the solid-state cells. Think of T2 as hardware-based encryption and FileVault as software-based encryption. The T2 encryption of streamed data is actually more secure than OS encryption of data, which can be bypassed.
 
Dude, even if FileVault is disabled, systems with the T2 chip will encrypt all volumes, but protected only by the hardware UID (absent the combo of user password and hardware UID).


Though the SSD in computers that have the Apple T2 Security Chip is encrypted, you should turn on FileVault so that your Mac requires a password to decrypt your data.
To turn on FileVault, follow these steps:
  1. Choose Apple menu > System Preferences, then click Security & Privacy.
  2. Click the FileVault tab.
  3. Click the lock button, then enter an administrator name and password.
  4. Click Turn On FileVault.



Live and learn, and pray that the T2 chip does not crap out.


Assuming you back up your data, it is a non-issue.
[...Anyone that doesn't actually require it, which are the majority of people...]

[...Slightly... Issues can arise, hence the T2 kernel panics that had plagued macOS for some time...]

[...Think of T2 as hardware-based encryption and FileVault as software-based encryption...]


Not enabling FileVault is silly. If your computer is stolen, every piece of information on your drive, including credit cards and any other personal information, can be read by anyone.

T2 and FileVault guard against different intrusion scenarios, and Apple recommends you use both.
 
[...T2 and FileVault guard against different intrusion scenarios, and Apple recommends you use both.]
This is my only reply to you. You obviously don't know when something is a requirement or isn't and the policies set forth about it. You spread misinformation like many of the other trolls on this site. Also, you wouldn't know when boot drive encryption is necessary. But you can't argue against the fact that Apple doesn't make it a requirement to enable FileVault on their consumer use computers, nor do countless other OS for consumer-use computers. "CONSUMER-USE" is different than those setup for enterprise and other business data related policies for protecting data. Your petty checkbook, hundred-dollar etrades, ebay/PayPal account, etc. aren't being targeted by anyone and a typical thief isn't looking for or know how to use your data. You're more likely to lose your data because you didn't know how to do proper secure backups. If someone wanted to target you, then they'd just take your backup from home. It's JHFS+ encrypted and easier than APFS. Some of these Apple fanboys are ridiculous.
 
Your browser indexes and caches the content of encrypted web pages and doesn't use encryption.
Secure web pages use Cache-Control headers to prevent sensitive information from being cached on disk. But again, it's a false equivalency anyway since scattering pieces of your encrypted emails unencrypted on the drive violates any reasonable expectation of the user. I consider myself relatively educated in these kind of things and I had no idea that Apple Mail did this.
You're putting words in my mouth. You said that you can't use FDE at all.
I said no such thing.
This is not true. Every corporate environment uses FDE with key escrow. Nobody said anything about the level of key escrow and who has access.
But this is important. If FDE is the only protection, you lose the ability to treat sensitive information differently from all the other stuff on the drive.
Besides, nobody with truly sensitive information would be sending it over public e-mail on a Mac, S/MIME or not.
S/MIME is actually commonly used in corporate environments to protect confidential information.
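The reply above points at Cache-Control as the reason HTTPS content can be kept off disk. As an added example (not code from any poster), the Python below makes the disk-cache decision a browser takes from those directives, run over a few constructed responses; the site names and header values are made up for the demonstration. What it shows that the paragraph does not: no-cache and max-age=0 still allow a response to be written to disk and only force revalidation before reuse, so it is no-store (and, for shared caches, private) that actually keeps a page out of the cache.

```python
from typing import Dict, Optional, Tuple

def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """Split 'no-store, max-age=0, private="Set-Cookie"' into a directive map."""
    directives: Dict[str, Optional[str]] = {}
    for token in value.split(","):
        token = token.strip()
        if token:
            name, _, arg = token.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def disk_cache_decision(headers: Dict[str, str], shared: bool = False) -> Tuple[str, str]:
    """Classify a response for a persistent cache following the RFC 9111 response
    directives. Returns (decision, reason); decision is one of
    'skip', 'store-revalidate' or 'store'. `shared` models a proxy cache rather
    than the user's own browser cache."""
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    cc = parse_cache_control(lower.get("cache-control", ""))
    if "no-store" in cc:
        return "skip", "no-store forbids writing the response to any cache"
    if shared and "private" in cc:
        return "skip", "private: only the user's own browser cache may hold it"
    if "no-cache" in cc or cc.get("max-age") == "0":
        return "store-revalidate", "no-cache/max-age=0 permit storage but require revalidation before reuse"
    return "store", "no directive prevents storage"

# Constructed sample responses; none of these are real sites or captured traffic.
SAMPLE_RESPONSES: Dict[str, Dict[str, str]] = {
    "bank statement (HTTPS)": {"Cache-Control": "no-store, no-cache, must-revalidate",
                               "Content-Type": "text/html"},
    "news article (HTTPS)": {"Cache-Control": "max-age=600, public"},
    "webmail inbox (HTTPS)": {"cache-control": "private, no-cache"},
    "legacy app (no header)": {"Content-Type": "text/html"},
}

def audit(responses: Dict[str, Dict[str, str]] = SAMPLE_RESPONSES, shared: bool = False) -> Dict[str, str]:
    """Decision per sample response, for a browser cache (default) or a shared proxy cache."""
    return {name: disk_cache_decision(hdrs, shared)[0] for name, hdrs in responses.items()}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        decision, reason = disk_cache_decision(hdrs)
        print(f"{name:26} {decision:17} {reason}")
```

The "legacy app" entry is the case to remember: with no Cache-Control at all the response is freely storable, so the protection the reply describes exists only where the server asked for it.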
 
[...you can't argue against the fact that Apple doesn't make it a requirement to enable FileVault on their consumer use computers...]

Arguably though he is correct... that IS a workaround... BUT not a solution... For now though it's kind of over the top to encrypt everything on your SSD just because encrypted email storage has a bug, but FV would work too in an interim.

Apple would fix it, so most would just leave "as is"
 
This issue affects a limited number of people in practice, and is not something that macOS users should generally worry about. It requires customers to be using macOS and the Apple Mail app to send encrypted emails.


Does this mean very few use macOS with Apple Mail? I assumed most Mac owners use Apple Mail.
 
You missed my point. As I said, we index and cache encrypted webpages all the time for user features.

You are assuming, along with Gendler that it is "proper" to completely ignore text in S/MIME e-mails, likely because it has "secure" in the name, when the level of security, use cases, and behavior in comparable systems (HTTPS) don't need it.

Basically, if autocomplete works in HTTPS pages, why shouldn't it work with S/MIME?

And every single e-mail client and webmail app will have the same behavior on compose, since nobody forces you to select S/MIME encryption before composing an e-mail.

I’m pretty sure you missed the point. The email is encrypted, so why are parts of it available to the system? We are not discussing encryption reliability. The email is encrypted, which means it’s private and should be ignored by the OS as if it doesn’t exist when it comes down to indexing. It’s a privacy issue as well as a security issue.
 
Eh.. FileVault FTW.

Seriously, turn on FileVault, then relax knowing that everything, even stupidly stored things, are beyond the ability for anyone to spy on it -- without knowing your computer password.

And, on that note, maybe you shouldn't be using "password" for your password.. Just saying..
 
[...S/MIME is only good protection until the mail arrives at its destination. Beyond that, drive encryption or some similar technology needs to take over.]

Then it is not a proper encryption.
 
The Mail team at Apple seems like the odd duck out. They always do things slightly differently. Look at the UI for sending and deleting messages in Mail on iOS... totally different than how you do it in the Messages app.

In a way, it seems the Mail team tries to be on the bleeding edge of UI paradigms. A lot of what they created was later carried into the larger macOS (or OS X at the time).

Encryption on individual emails is an advanced feature that most people would not be using. And yes, everyone should have FileVault enabled!
I agree. I remember way back in Tiger when Mail got a new UI that wasn't standard with the rest of the OS, with an odd toolbar appearance. There were a lot of complaints about the "well-shaped" toolbar icons, which was documented in John Siracusa's review of Tiger (https://arstechnica.com/gadgets/2005/04/macosx-10-4/3/).

Perhaps the Mail team is tasked with trying experimental stuff that wouldn't pass muster in other areas of macOS? That is, if there's even a Mail team anymore, or if the very few engineers working on macOS are, understandably, swamped.
 
[...the mail team does nonstandard UI stuff...]

I wish they hadn't removed the shortcut for "view plaintext alternative." Quoted-text marking for GMail messages is broken, for example, if you don't use it. The first level is okay, but nested levels, ach.

I wish I could stand to use Outlook.

It's much better than it used to be. This is not Steve Ballmer's Microsoft.
 
This is a big deal for governments, corporations and regular people who use encrypted email and expect the contents to be protected. Secret or top-secret information, which was sent encrypted, would be exposed via this process and database, as would trade secrets and proprietary data.

This is where Gendler jumped the shark. No one is legally walking around with a laptop with secret or top-secret information on it in any public place. You can't even bring an RFID key fob into a SCIF, and woe betide you if you bring your personal electronic device into one with you. A SCIF is a roach motel for electronics--you're not getting it back out of there.
 