A flaw in the "Quick Look" function would expose encrypted data


Quick Look has been part of macOS since very old versions of the Mac operating system. You may not recognise it by name, but it is the feature that lets you quickly view a file's contents without opening the application that handles it by default: just select the file and press the space bar, and the file is displayed.

Well, according to a recently discovered security hole, Quick Look has apparently been vulnerable for years and can expose confidential information from encrypted files. We know about it from a blog post.

On the blog, the researcher Wojciech Regula warns us about the security flaw, which has been with us for more than a decade. The article, written by Patrick Wardle in collaboration with Regula, who provided the technical explanation of the bug, was published on The Hacker News last Monday.

Technically, when the Quick Look service is invoked, it generates thumbnails of files, images, audio content and video and caches them for quick access. These cached files are not strongly encrypted (even when the source file was), which leaves their content in view to anyone who knows where to look on the Mac.

In the words of the researcher:

This means that all the photos you have previewed using the space bar (or that QuickLook cached on its own) are stored in that directory as thumbnails.

And therefore exposed to third parties. Regula ran the appropriate checks to show that his claim was true: he encrypted some photos with VeraCrypt and others with macOS encrypted HFS+/APFS volumes, and demonstrated with a simple command that he could still access the photos.

This problem should be relatively easy for Apple to fix, and we understand they will be working on it. In the meantime, keeping the Mac well maintained, with relatively clean caches, is a timely workaround.
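For readers who want to act on the "clean caches" advice, the following script is an added example (not code from the article or from the researchers it cites). It assumes Apple's per-user cache root reported by `getconf DARWIN_USER_CACHE_DIR`, a `com.apple.QuickLook.thumbnailcache` directory beneath it, and `qlmanage -r cache` as the reset command; none of these paths or commands appear in the article. By default it only reports how many cached thumbnail files exist and how much space they take, so you can see whether previews of sensitive files have accumulated; passing `--clear` resets the cache.

```shell
#!/bin/sh
# Quick Look thumbnail-cache hygiene check (added example; see assumptions below).
# Assumed cache location (Apple's per-user cache root, not stated in the article):
#   $(getconf DARWIN_USER_CACHE_DIR)/com.apple.QuickLook.thumbnailcache/
# Assumed reset command: qlmanage -r cache

QL_CACHE_SUBDIR="com.apple.QuickLook.thumbnailcache"

# Resolve the per-user Darwin cache root; prints nothing when not on macOS.
ql_cache_root() {
    getconf DARWIN_USER_CACHE_DIR 2>/dev/null || true
}

# Count regular files in the thumbnail cache beneath the given cache root.
# Prints 0 when the cache directory does not exist.
ql_cache_file_count() {
    dir="$1/$QL_CACHE_SUBDIR"
    if [ -d "$dir" ]; then
        find "$dir" -type f | wc -l | tr -d ' '
    else
        echo 0
    fi
}

# Total size in bytes of the files in the thumbnail cache beneath the given root.
ql_cache_bytes() {
    dir="$1/$QL_CACHE_SUBDIR"
    if [ -d "$dir" ]; then
        find "$dir" -type f -exec wc -c {} \; | awk '{ s += $1 } END { print s + 0 }'
    else
        echo 0
    fi
}

# Reset the thumbnail cache via qlmanage; fails when the tool is unavailable.
ql_cache_clear() {
    if command -v qlmanage >/dev/null 2>&1; then
        qlmanage -r cache
    else
        echo "qlmanage not found; nothing to clear" >&2
        return 1
    fi
}

# Report the cache state and optionally clear it (pass --clear).
ql_main() {
    root="$(ql_cache_root)"
    if [ -z "$root" ]; then
        echo "DARWIN_USER_CACHE_DIR not available; this check is for macOS" >&2
        return 1
    fi
    echo "Quick Look thumbnail cache: $root$QL_CACHE_SUBDIR"
    echo "  cached files: $(ql_cache_file_count "$root")"
    echo "  total bytes:  $(ql_cache_bytes "$root")"
    if [ "${1:-}" = "--clear" ]; then
        ql_cache_clear && echo "  cache reset requested via qlmanage"
    fi
}

# Only run automatically on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then
    ql_main "$@"
fi
```

Run it as `sh ql_cache_check.sh` to see the report, or `sh ql_cache_check.sh --clear` to reset the cache afterwards. Clearing only removes thumbnails already generated; previewing a file from an encrypted volume again will create a new cached thumbnail, so the check is worth repeating after working with sensitive material.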

