Home / Tech Gadgets & Electronics / iPhone / A bug in Preview allows access to encrypted data stored in the Mac’s cache
A bug in Preview allows access to encrypted data stored in the Mac's cache

A bug in Preview allows access to encrypted data stored in the Mac’s cache

Preview is one of the most useful tools of the Mac. Just pressing the spacebar on a file allows us to see its expanded content without having to open it. This tool is present in macOS for many years, but also a small bug that allows you to reveal information even when it is encrypted.

This new bug was discovered earlier this month by security expert Wojciech Regula and it has been Patrick Wardle who has given more details about it recently. In general, Preview stores data files even if they have been encrypted or deleted from the computer . Why? By the program’s cache.

For Preview to generate (literally) previews, what it does is index all the content that enters the computer and is available in the Finder. Therefore, if you insert an external storage unit as a USB stick , it will scan it and store in its cache a preview of the items that are in the external unit. The security hole? This cache is maintained despite ejecting the storage unit or deleting the files, even when the files are encrypted.

Quicklookbug 800x490

The security hole is not new , it is more than eight years old and it is not the first time it comes to light . Although its consequences do not seem so serious, for an external agent it is quite valuable information. For example, you can have a complete history of all the files and routes that have passed through the Mac in recent times. It also allows to extract relevant information from those files, since there is a preview and stored metadata.

How to prevent Preview from storing this data

The data stored in the Preview cache works in a similar way to the data that is stored in any cache: they are temporary. This means that manually deleting the cache, restarting the computer or encrypting the storage disk will no longer be available. To clean the cache manually use the following command in Terminal: $ rm -rf $ TMPDIR /../ C / com.apple.QuickLook.thumbnailcache Then apply a reboot : $ sudo reboot .

Screenshot 2018 06 19 At 10 16 06

However, my recommendation is always to have the storage disk of the Mac encrypted , this can be done from System Preferences> Security and Privacy> FireVault. Of course, keep in mind that as you lose the master password, you will lose everything inside the Mac.

More information | Patrick Wardle

About Nick Fury

Hi, I am Nick! Apart from being a loving husband and a father of one, I dedicate myself to manage a company full time. Writing is my passion, I started writing a blog some 10 years ago, now reviving this passion again, I would love to express my views and takes on day to day stuff, hope you guys enjoy! Do share your thoughts.

Check Also

How to Take a Screenshot on iPhone X

How to Take a Screenshot on iPhone X

Until the iPhone X arrived , the way of capturing screens on an iPhone was always the same: …

%d bloggers like this: