
macOS 'Quick Look' exploit could reveal all your encrypted data


Quick Look is one of macOS’s most convenient features, but one developer has proven it’s also extremely vulnerable to hacking.

Apple's Quick Look mechanism generates and caches thumbnails of files, images, folders and other data to give users fast and easy access. That’s generally what Quick Look does with all your files, but a security researcher named Wojciech Regula realized the feature does the same thing with your encrypted data and saves those thumbnails to an unencrypted location.

This vulnerability would allow a hacker to easily capture snippets of original files, including those contained in encrypted containers, simply by rooting out Quick Look’s cache of thumbnails.

Mo’ speed, mo’ problems

Regula simulated such a hack by uploading two images into two separate encrypted containers, one created with VeraCrypt and the other with macOS Encrypted HFS+/APFS. Using simple commands, the researcher found both images through their file paths, allowing him to access a miniature version of the original files.

As if seeing thumbnails of your private images wasn’t bad enough, Regula also showed how Quick Look’s backend can reveal sensitive documents. Unfortunately, Quick Look also does a great job of caching any additional drives you might have plugged into your Mac, so files stored on thumb drives or external hard drives are affected too.

So what can you do? Fortunately, users can secure their encrypted files by manually clearing the Quick Look cache and unmounting their encrypted container, and Regula notes that Apple has even made a utility called ‘qlmanage’ just for this task.
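One way to make that cleanup routine, as an added example that is not from the article or from Regula: a shell function (the name `secure_unmount` is hypothetical) that unmounts the volume first and only then resets the thumbnail cache with `qlmanage -r cache`. It assumes the container can be unmounted with `diskutil unmount`; a container that needs its own dismount tool would replace that one call.

```shell
#!/bin/sh
# Added example: unmount an encrypted volume, then reset the Quick Look
# thumbnail cache so no previews of its files remain on the unencrypted disk.
# Assumption: the volume can be unmounted with `diskutil unmount`.

secure_unmount() {
    vol=$1
    if [ -z "$vol" ]; then
        echo "usage: secure_unmount /Volumes/NAME" >&2
        return 2
    fi
    if [ ! -d "$vol" ]; then
        echo "not mounted: $vol" >&2
        return 1
    fi

    # Unmount first. While the volume is still mounted, Quick Look can
    # regenerate thumbnails, so clearing the cache earlier proves nothing.
    if ! diskutil unmount "$vol"; then
        echo "unmount failed, cache left untouched: $vol" >&2
        return 1
    fi

    # Reset the thumbnail disk cache for the current user.
    if ! qlmanage -r cache; then
        echo "volume unmounted, but the Quick Look cache was NOT cleared" >&2
        return 3
    fi
    echo "unmounted $vol and reset the Quick Look thumbnail cache"
}

# Run directly: sh secure_unmount.sh /Volumes/NAME
if [ "$#" -gt 0 ]; then
    secure_unmount "$@"
fi
```

A non-zero exit status means either the volume is still mounted or the cache still holds thumbnails, so a caller can tell a partial cleanup from a complete one.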

It seems like the best way to keep your data secure from Quick Look is to completely divorce it from your Mac – which isn’t convenient at all. So hopefully Apple releases a fix for this vulnerability in a near future macOS update.

Via AppleInsider

Kevin Lee