Your Mac is always making thumbnails and previews for Quick Look, and those same previews cache information you might prefer to keep secret.

The problem comes when you browse an encrypted disk image, or any encrypted drive, using the Finder. Previews are created every time you press space to preview a file, and in same cases even if you don’t. These previews are cached an unencrypted folder on your computer, meaning at least some information is recoverable without access to the encrypted disk image or drive.

Wojciech Reguła, writing for Objective-See:

However, if an attacker (or law enforcement) has access to the running system, even if the password-protected encrypted containers are unmounted (as thus their contents ‘safe’), this caching ‘feature’ can reveal their contents. In other words, the increased security encrypted containers were thought to provide, may be completely undermined by QuickLook.

The full writeup is well worth checking out, if you’re interested in information security at all. Apple employees, at the very least, should read this and change how caching works for encrypted disk images, because this is a breach that needs patching ASAP.

Justin Pot Justin Pot
Justin Pot has been writing about technology for over a decade, with work appearing in Digital Trends, The Next Web, Lifehacker, MakeUseOf, and the Zapier Blog. He also runs the Hillsboro Signal, a volunteer-driven local news outlet he founded.
Read Full Bio »