While there’s no big fix for the issue, we’ve got instructions for how to clear those data-leaking files from your system. This month, a pair of security experts, Patrick Wardle and Wojciech Regua, explained on their own blogs how the flaw came out of a simple, seemingly innocuous OS X/macOS function. Quick Look allows you to preview any file on a Mac by selecting it and hitting the Space bar. MORE: Why I’m Ditching My MacBook Pro for the MateBook X Pro In his explanation, Regula shows how Quick Look creates a smaller, still legible, version of each previewed file. You don’t even need to manually use Quick Look, though. Wardle, who incorporated Regula’s own blog posting into his own, showed that the thumbnail of an encrypted text file will reveal at least the first line of text. Wardle also found that plugging an encrypted USB drive to your PC will create readable files in the directory that Quick Look uses as a repository on the main, unencrypted hard drive. You don’t even have to open the USB drive in Finder, or preview its contents. Anyone who got access to the machine could view the file list of the unencrypted USB drive, even after it had been unplugged. What to do For now, all you can do is erase the thumbnails that have been created, because macOS doesn’t provide an option to end this behavior. Hopefully, Apple will change the way Finder operates so that it stops creating these privacy leaks. Note: your system will reboot once you finish these steps.

  1. Eject the encrypted drive(s).
  2. Click the Spotlight icon.
  3. Type ’terminal’ and open Terminal.
  4. Paste in the below text and hit enter. rm -rf $TMPDIR/../C/com.apple.QuickLook.thumbnailcache
  5. Paste in the below test — which will lead to your system resetting — and hit enter. sudo reboot 6. Enter your password and hit Return. This isn’t exactly new This problem has cropped up before, even if it hasn’t been widely publicized. A 2010 article in OSXDaily.com explained the problem, although that piece assumed that the user would have to preview the file for a thumbnail to be created.  Regula said that viewing cached thumbnails is apparently a known technique among forensic examiners, even though he didn’t know about it before. It could be used to help determine the contents of encrypted files and folders created by a person who was trying to stay private.  We’ve reached out to Apple for comment, and will update this story when we receive a response. Credit: Ink Drop / Shutterstock

macOS Guide

Previous TipNext Tip

How to Password Protect a Folder in a MacHow to Force Quit or Close Frozen ApplicationsMove Your Mac files to a Windows PCHow to Dual-Boot Windows and macOSIncrease the Text Size on Your MacInstall or Uninstall Mac AppsHow to Eject USB Devices and Memory Cards in macOSSwitch Between Open Apps in macOSHow to Unlock a MacBook with Your Apple WatchClean Out Your macOS LaunchPadHow to Use Trackpad Gestures to Navigate macOSHow to Use Right-Click in macOSUse Siri on Your MacHow to Customize the Notification CenterAdd a Signature to PDFs with Mac PreviewUse Memories in the Photos App on MacHow to Use Night Shift in macOSHow to Change Your Mac’s PasswordHow to Edit Siri’s Activation Keyboard Shortcuts on macOSChange Views in FinderUse macOS Dark ModeTransfer Files with AirDropHow to Use Mission Control on a MacUse Optimized StorageHow to Enable Parental Controls on a MacHow to Mark Up PDFs in macOSBack Up Mac with Time MachineHow to Use Dictation on a MacHow to Use the macOS FeatureUse Apple Pay in macOSHow to Block Websites on Your Mac