Jump to content

macOS 'Quick Look' exploit could reveal all your encrypted data

sincity

By sincity
in Technology

 Share

Recommended Posts

sincity Rookie

sincity

Posted
Posted

Quick Look is one of macOS’s most convenient features, but one developer has proven it’s also extremely vulnerable to hacking.

Apple's Quick Look mechanism generates and caches thumbnails of files, images, folders and other data to give users fast and easy access. That’s generally what Quick Look does with all your files, but a security researcher named Wojciech Regula realized the feature is doing the same thing with all your encrypted data and saves those said thumbnails to an unencrypted location.

This vulnerability would allow a hacker to easily capture snippets of original files, including those contained in encrypted containers, simply by rooting out Quick Look’s cache of thumbnails.

Mo’ speed, mo’ problems

Regula simulated such a hack by uploading two images into two separate encrypted containers, one encoded in VeraCrypt and another with macOS Encrypted HFS+/APFS. Using simple commands, the researcher both images through their file paths, allowing him to access a miniature version of the original files.

As if seeing thumbnails images of your private images wasn’t bad enough, Regula also showed how the Quick Look’s backend can also reveal sensitive documents. Unfortunately, Quick Look also does a great job of caching any additional drives you might have plugged into your Mac, so files stored on thumb drives or external hard drives.

So what can you do? Fortunately, users can secure their encrypted files by manually clearing the Quick Look and unmount their encrypted container and Regula notes that Apple has even made a utility called ‘qlmanage’ just for this task.

It seems like the best way to keep your data secure from Quick Look is to completely divorce it from your Mac – which isn’t convenient at all. So hopefully Apple releases a fix for this vulnerability in a near future macOS update.

Via AppleInsider

-shn4gxoKdY

View the full article

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

About Us

We are glad you decided to stop by our website and servers. At Fearless Assassins Gaming Community (=F|A=) we strive to bring you the best gaming experience possible. With helpful admins, custom maps and good server regulars your gaming experience should be grand! We love to have fun by playing online games especially W:ET, Call of Duty Series, Counter Strike: Series, Minecraft, Insurgency, DOI, Sandstorm, RUST, Team Fortress Series & Battlefield Series and if you like to do same then join us! Here, you can make worldwide friends while enjoying the game. Anyone from any race and country speaking any language can join our Discord and gaming servers. We have clan members from US, Canada, Europe, Sri Lanka, India, Japan, Australia, Brazil, UK, Austria, Poland, Finland, Turkey, Russia, Germany and many other countries. It doesn't matter how much good you are in the game or how much good English you speak. We believe in making new friends from all over the world. If you want to have fun and want to make new friends join up our gaming servers and our VoIP servers any day and at any time. At =F|A= we are all players first and then admins when someone needs our help or support on server.

Player Gaming Stats for =F|A= Servers.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept