Spotlight security bug exposes OS X Mac IP address, OS version and browser details: How to fix

A new Spotlight bug in OS X Yosemite has reportedly been found to undermine the user's privacy settings in Apple Mail, opening a backdoor for spammers, phishers and online advertising companies.

The backdoor in OS X Mail also leaks private data from affected devices, such as the operating system currently installed and browser and surfing details, and exposes users to remote content sent through spam e-mails.

According to German technology news site Heise, the bug takes advantage of a common information-harvesting technique and a Mail setting that determines whether the program loads remote content in e-mails. When the user turns the option off, Mail blocks third-party content such as newsletters, HTML-formatted marketing messages and more.

As iDownloadBlog reports, Spotlight in OS X fails to block third-party content even after the user unchecks this option via Spotlight's search settings (see screenshot below).

In other words, Spotlight's search mechanism retrieves images and info stored on remote servers regardless of Mail's privacy setting, which could become a major exploit for spammers and advertisers as they use a technique called 'tracking pixels' to communicate the e-mail address and other system-related information to the server.

Consequently, this could compromise the affected user's privacy and security, as there will be no check to prevent unsolicited emails or adverts from third-party sources, besides leaving confidential info out in the open.
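
To make the tracking-pixel risk concrete from the defender's side, here is an added example (not from the original article or from Apple) that lists the remote references in a message's HTML body, i.e. the URLs a preview would fetch and the identifiers they carry. The sample message, `tracker.example` and the helper names are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Tag/attribute pairs that make a mail renderer fetch a URL.
REMOTE_ATTRS = {("img", "src"), ("link", "href"), ("iframe", "src"),
                ("script", "src"), ("body", "background")}

class RemoteRefFinder(HTMLParser):
    """Collect every reference that would trigger a request to a remote server."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for name, value in a.items():
            url = urlsplit(value or "")
            if (tag, name) not in REMOTE_ATTRS or url.scheme not in ("http", "https"):
                continue  # embedded (cid:) or local content causes no request
            tiny = (tag == "img" and a.get("width") in ("0", "1")
                    and a.get("height") in ("0", "1"))
            # The request itself also reveals the client's IP and User-Agent.
            self.refs.append({"tag": tag, "host": url.hostname,
                              "params": dict(parse_qsl(url.query)),
                              "likely_pixel": tiny})

def audit_message(raw):
    """Return the remote references in all text/html parts of a raw message."""
    msg = message_from_string(raw, policy=default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.refs

# Constructed sample message; addresses, host and parameters are made up.
SAMPLE = """\
From: news@shop.example
To: alice@example.org
Content-Type: text/html; charset="utf-8"

<html><body><p>Big sale!</p>
<img src="https://tracker.example/open.gif?rcpt=alice%40example.org&amp;c=42" width="1" height="1">
<img src="cid:logo123">
</body></html>
"""

if __name__ == "__main__":
    print(audit_message(SAMPLE))
```
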

How to fix Spotlight bug in OS X Yosemite

Users can work around this issue by excluding Mail from the Spotlight search function: uncheck the Mail and Messages box in System Preferences > Spotlight.

Alternatively, affected OS X Mail users could switch to third-party apps such as Dropbox's Mailbox, Google's Sparrow or Mindsense's Mail Pilot to avoid this issue completely.