One of the most important features in Apple’s Yosemite desktop operating system is the new Spotlight search, which offers users quick access to apps and files on a Mac and also a fast way of accessing certain online resources. But Spotlight apparently has a flaw that can expose certain personal details to spammers and thus disregard the privacy settings chosen by the user.
Detailed initially by German security publication Heise, the Spotlight flaw is actually rather simple. Spotlight shows previews of searched items to the user, including images in emails on the Mac.
When that happens, spammers and online marketers who send images in emails with the purpose of tracking users can get information such as IP addresses and the number of times an image is seen by the user.
Even if users disable image previews in mail apps, thus preventing such third parties from collecting personal data, Spotlight disregards those settings and still loads previews of those emails, including the actual images in them. Even if an email lands in the junk email folder, a preview of it is still shown when it matches certain searches performed by the user.
As Ars Technica points out, it’s not clear whether Spotlight’s preview feature also overrides any similar image blocking in other apps.