In OS X Yosemite the company Apple Lossless Audio CODEC (ALAC), radically improved the functionality of the system Spotlight, he is now able to search not only files from Macs, but also applications, music, locations, restaurants, movies and much more. Unfortunately OS X Yosemite Spotlight Search it also has a vulnerability that allows hackers to obtain various information about those who read their spam emails.
The Apple company recommends Mac owners to prevent the uploading of files included in emails received as spam, many of which contain so-called tracking pixels that, when uploaded in an email, collect information about: IP address, OS version X, the browser used and the Quick Look version of the operating system.
The Spotlight preview loads those files even when users have switched off the "load remote content in messages" option in the Mail app, a feature often disabled to prevent email senders from knowing if an email has arrived and if it has been opened. What's more, Spotlight also loads those files when it shows previews of unopened emails that landed directly in the junk folder.
Although activating the option not to upload images in emails protects users from this problem in the Mail application, the Spotlight Search system disregards of this option, so it loads the images. In this idea, spammers can obtain all the data mentioned above when a person searches for an email through Spotlight and reads it directly from there, without opening the Mail application.
The only protection method for users OS X Yosemite is currently blocking the upload of emails in the Spotlight Search system. Apple can quickly solve the problem by forcing Spotlight Search to recognize the setting made for the Mail application, a simple update of the operating system, or a patch released by them immediately solving the problem.
