Glitch in OS X search can expose private details of Apple Mail users
A glitch in the search software in Apple’s OS X Yosemite can expose private details of Apple Mail users, revealing their IP address as well as other system details to spammers, phishers and online tracking companies.
The potential privacy risk appears when people use the Spotlight Search feature, which also indexes emails received with the Apple Mail email client. When searching a Mac, Spotlight shows previews of emails and when it does this, it automatically loads external images linked in HTML email.
The Spotlight preview loads those files even when users have switched off the “load remote content in messages” option in the Mail app, a feature often disabled to prevent email senders from knowing if an email has arrived and if it has been opened. What’s more, Spotlight also loads those files when it shows previews of unopened emails that landed directly in the junk folder.