Apple macOS ‘Quick Look’ Bug Allows Access to Thumbnail Caches from Encrypted Drives

Quick Look - macOS

Apple’s macOS has a neat feature known as “Quick Look” allowing you to preview an image by tapping the space bar. This feature works even when you’re using an external storage drive on your Mac. It has now come to light that the system stores caches of these thumbnails even after a storage drive is unmounted, raising serious security concerns.

The issue was first brought to light by security researcher Wojciech Regula and subsequently by Patrick Wardle. The concern here is that the Mac stores these thumbnail caches even if it belongs to an encrypted drive. This effectively means that even if you have unmounted an external storage device, there is going to be a repository of all the thumbnail images in an unsecure location.

“It means that all photos that you have previewed using space (or Quicklook cached them independently) are stored in that directory as a miniature and its path. They stay there even if you delete these files or if you have previewed them in encrypted HDD or TrueCrypt/VeraCrypt container,” Regula said.

Surprisingly, the issue has been around for at least eight years now, although Apple has done little to fix this. “The fact that behavior is still present in the latest version of macOS, and (though potentially having serious privacy implications), is not widely known by Mac users, warrants additional discussion,” says Wardle.

Wardle recommends users to manually erase the Quick Look cache to avoid a privacy breach on your personal computer. He has listed out the steps to clear the cache on his official website.

Apple recently launched macOS 10.14 Mojave with a flurry of new features. It is hoped that the company patches this serious bug before it catches more traction in the tech sphere.

Were you aware of this vulnerability within macOS?

[Via MacRumors]