Apple's Spotlight app on OS X Yosemite is currently being plagued by a privacy issue, Intego reports.
For anyone unfamiliar with Spotlight, it is a tool built into the system that lets users search for anything stored on their device.
The issue starts with a single HTML email sent to a user. Many spammers and marketers include tracking pixels in the email messages they send, and these can be used to measure the open rate of those messages. The open rate is not the only thing these tracking pixels reveal, however. Through server logs, the sender can find out the specific email address used to open the email and, most alarmingly, discover the IP address of the receiver.
For this reason, many privacy-conscious users of Apple Mail have set the application not to "load remote content in messages." This blocks the sender of the message from receiving any of that personal information.
Unfortunately, the privacy problem isn't over yet. It has been discovered that the Spotlight search feature on the OS bypasses this Apple Mail setting and loads images from external sources anyway. This results in messages being displayed in full in the app's search preview, including embedded images.
Spotlight will even display a preview of the messages that have been placed in the junk folder. Intego quotes IDG, which also reported on the issue:
The Spotlight preview loads those files even when users have switched off the “load remote content in messages” option in the Mail app, a feature often disabled to prevent email senders from knowing if an email has arrived and if it has been opened. What’s more, Spotlight also loads those files when it shows previews of unopened emails that landed directly in the junk folder.
Because of this, receivers' private data can still be exposed to senders, and can be used to hack computer systems and even send malware.
Users are advised to untick the "Mail and Messages" box in the Spotlight settings, which can be found in System Preferences. This turns off the preview of email messages, keeping users safe from potential hackers, stalkers, and spammers.
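To see what a tracking pixel looks like inside a message, the Python below lists every remote image an HTML email would fetch if any viewer, such as a search preview, rendered it. It is an added example, not code from Intego, IDG or Apple; the sample message, hosts and parameter names are constructed.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample message; the hosts and parameter names are made up.
SAMPLE_EML = """\
From: news@example.com
To: alice@example.org
Subject: Weekly offers
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="cid:logo123" width="120" height="40">
<img src="http://track.example.com/o.gif?rcpt=alice%40example.org&amp;c=42" width="1" height="1">
<img src="https://cdn.example.com/banner.png" width="600" height="200">
</body></html>
"""

class RemoteImageFinder(HTMLParser):
    """Collects <img> tags whose src points at a remote http(s) server."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = urlsplit(a.get("src") or "")
        if tag != "img" or url.scheme not in ("http", "https"):
            return  # cid:/data: images are embedded and cause no network request
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        self.findings.append({
            "host": url.hostname,  # server that would log the request and client IP
            "params": sorted(parse_qs(url.query)),  # names only; values may identify the recipient
            "likely_pixel": tiny,
        })

def remote_images(raw_message):
    """Return one finding per remote image in the message's HTML body."""
    msg = message_from_string(raw_message, policy=default)
    body = msg.get_body(preferencelist=("html",))
    finder = RemoteImageFinder()
    if body is not None:
        finder.feed(body.get_content())
    return finder.findings

if __name__ == "__main__":
    for finding in remote_images(SAMPLE_EML):
        print(finding)
```

Each finding names a server that would receive a request, and with it the reader's IP address, the moment the message is rendered with remote content enabled.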