Apple Blog

Quicklook can compromise the security offered by Filevault

Filevault, the encryption system available in Mac OS X to keep safe the most confidential data of our team could be compromised because of Quicklook . The reason is that Quicklook stores data and document thumbnails in its cache without any encryption.

Therefore, in spite of being in a safe volume, it would be possible to have access to that cache, which would mean a cancellation of part of the security that Filevault offers us. OSXDaily

Quicklook can compromise the security offered by Filevault
Quicklook can compromise the security offered by Filevault

If you want to see the size of the Quicklook cache you must run the Terminal command:

find varfolders -name “*QuickLook*” -exec du -h {} ; 2>devnull

In my case it’s 494 MB of data. Now if we want to go to the folder in question and see its contents we must first enable the display of hidden files. To do this again, using the Terminal, we execute the command:

defaults write com.apple.finder AppleShowAllFiles TRUE

Now we restart the Finder with KillAll Finder, then to hide the sensitive folders again we change TRUE to FALSE.

Once the files are shown, go to the VAR folder and inside to FOLDERS. If we browse through the folders we can access those cache files.

Solution, delete that cache and not use Quicklook something unthinkable for me as it is really useful. At OSXDaily it seems that they consider it a security hole but searching the internet doesn’t seem to have much more information.

Track>
At Apple

Similar Posts