Apple has a nasty security bug to fix that cannot wait

Jan 10, 2015 10:12 GMT

A serious vulnerability has been found in Spotlight, OS X’s flagship feature that searches and summons files across the entire operating system. It is in dire need of patching, making it imperative for Apple to roll out its 10.10.2 update in the coming days.

An impending new incremental update currently being tested internally, OS X 10.10.2, might need to be rushed out as early as Monday to resolve the newly discovered Spotlight flaw, which we dub "Spotleak" for our reporting.

Apple hasn’t been aware of "Spotleak" so far

The privacy glitch can be exploited via Spotlight searches, which index emails (if the user chooses to have certain settings activated), among other personal files on the computer. The vulnerability can disclose the IP address, OS X version, browser data, and other details.

If the focus areas listed for each 10.10.2 beta are any indication, Apple had no idea how Spotlight could be exploited to squeeze sensitive information out of a user’s Mac. The focus areas listed for OS X 10.10.2 builds are Wi-Fi, Mail, and VoiceOver. While the security issue may also seem tied to Mail.app, its origin is actually Spotlight.

Expect 10.10.2 next week

Apple generally doesn’t rush out individual security updates for bugs found in standalone components of the Mac operating system. It prefers to close these holes using its regular system updates, which arrive once every two or three months.

The California giant is currently testing OS X 10.10.2 internally. While its release schedule has not been disclosed, the update could be prepared for release in the coming days. Sources say that Apple is also gearing up to release iOS 8.1.3, a maintenance update for iDevice users, next week.