OS X Spotlight Glitch Exposes IP Addresses and Other System Details to Spammers - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

OS X Spotlight Glitch Exposes IP Addresses and Other System Details to Spammers

by

A privacy glitch in Spotlight search for OS X may leak private details, including IP addresses, to email spammers. The flaw was first reported by German tech news site Heise and replicated in tests performed by IDG News Service.

spotlight-search
The issue affects OS X mail users who have followed conventional security recommendations to turn off the "load remote content in messages" option in the Mail app. This setting prevents the loading of remote content such as images, including "tracking pixels" that are used by spammers to harvest information when people open an email.

A glitch arises when OS X Mail users utilize Spotlight search in OS X, which includes emails in the search results. Spotlight ignores the remote content block preference from Mail and loads the remote email files as part of the search process. Once Spotlight loads one of these tracking pixels, spammers can glean details such as the IP address, OS X version, browser details, and the version of Quick Look being used.

The Spotlight preview loads those files even when users have switched off the "load remote content in messages" option in the Mail app, a feature often disabled to prevent email senders from knowing if an email has arrived and if it has been opened. What's more, Spotlight also loads those files when it shows previews of unopened emails that landed directly in the junk folder.

Currently, the only way to block this information leak is to block Spotlight from including emails in search results entirely by opening System Preferences and unchecking the "Mail & Messages" option for Spotlight. Apple has yet to comment on this Spotlight privacy glitch.

Tag: Spotlight
Related Forum: OS X Yosemite

Popular Stories

Apple Card iPhone 16 Pro Feature

Apple Card Promo to Offer Free AirPods Pro 3

Friday May 15, 2026 8:59 am PDT by
Starting as early as next week, customers who sign up for an Apple Card at Apple's retail stores in the U.S. will receive $249 cash back when they purchase AirPods Pro 3, according to Bloomberg's Mark Gurman. The promotion has yet to be officially announced by Apple, so exact terms and conditions are not available at this time. AirPods Pro 3 are priced at $249 in the U.S., so customers who...
Read Full Article46 comments
Apple WWDC25 iOS 26 CarPlay Light mode 250609

Six Popular iPhone Apps Now Available on CarPlay

Thursday May 14, 2026 9:10 am PDT by
Apple's CarPlay system for accessing iPhone apps on a vehicle's dashboard screen has received six popular apps in recent weeks: ChatGPT, Perplexity, Grok, Google Meet, WhatsApp, and the indie artist streaming platform Audiomack. Make sure you have the latest version of each app and they will automatically appear on CarPlay. ChatGPT Starting with iOS 26.4, CarPlay supports voice-based...
Read Full Article29 comments
ipad mini 7 blue

OLED iPad Mini: Release Date, Pricing, and What to Expect

Thursday May 14, 2026 5:08 am PDT by
According to the latest rumors, Apple is close to launching its next-generation iPad mini. So what should we expect from the successor to the iPad mini 7 that Apple released over a year ago? Read on to find out. Processor and Performance Apple is working on a next-generation version of the iPad mini (codename J510/J511) that features the A19 Pro chip, according to information found in code...
Read Full Article87 comments

Top Rated Comments

thejadedmonkey Avatar
thejadedmonkey
148 months ago
Oh for goodness sake, don't let them know my version is Yosemite and what browser I'm using! And, *gasp*, the version of QUICK LOOK?! This is an outrage.

/s
I don't think you understand what the article means.

Let me explain. If you block the tracking pixel from loading, the spammer will never realize that you received the email, and may eventually stop sending them. If they do realize that you receive the email, then they can get your IP address, know that the email address is valid, cross reference your purchasing habits with your IP address, and target you specifically with Facebook ads.

That's a major gaping privacy hole in OS X that needs to be patched.
Score: 46 Votes (Like | Disagree)
joshwenke Avatar
joshwenke
148 months ago
Oh for goodness sake, don't let them know my version is Yosemite and what browser I'm using! And, *gasp*, the version of QUICK LOOK?! This is an outrage.

/s
Score: 11 Votes (Like | Disagree)
DarkCole Avatar
DarkCole
148 months ago
Well thanks for the heads up, I've unchecked the setting in Spotlight.
Score: 8 Votes (Like | Disagree)
S
samcraig
148 months ago
As I've said before in other threads. Regardless of whether or not this is "harmful" to some or all - if there's a security issue and it's known, it should be fixed. End of story. No judgement. Simple as that.
Score: 7 Votes (Like | Disagree)
brentmore Avatar
brentmore
148 months ago
Yet another reason why Little Snitch is my favorite tech tattletale.
Score: 7 Votes (Like | Disagree)
B
BlendedFrog
148 months ago
Another reason not to use the crappy mail app. Now I know why I have always stuck to using the webmail interface.

Will Apple ever get their act together and overhaul the damn app and actually make it usable?
Score: 7 Votes (Like | Disagree)
Read All Comments