Recent Comments

No comments to show.
Recent Comments

    watchOS 8.5 Fixes Mail Privacy Protection Loophole That Could disclose IP Addresses

    watchOS 8.5 Fixes Mail Privacy Protection Loophole That Could Expose IP Addresses

    watchOS 8.5 fixes a security vulnerability in the Mail app that could leak a user’s IP address when downloading remote content, security researchers have found.
    iOS 15: How to Prevent Emails From Tracking You With Mail Privacy Protection
    The feature works by routing all content downloaded by the Mail app through multiple proxy servers to strip your IP address, and then it assigns a random IP address that corresponds to your general region, making email senders see generic information rather than specific information about you.
    Apple’s legal documentation on Mail Privacy Protection indicates that the feature is available for iPhone, iPad, and Mac only, but security researchers and developers Talal Haj Bakry and Tommy Mysk discovered that since the Apple Watch does not hide a recipient’s IP address, it can compromise the overall security provided by Mail Privacy Protection.
    The Apple Watch downloads remote content, such as images, using the recipient’s real IP address, both when receiving a Mail notification and when opening an email, meaning that even for users who had enabled Mail Privacy Protection on their iPhone, their IP address can be exposed.
    While Mail Privacy Protection is a feature exclusive to iOS 15, iPadOS 15, and macOS Monterey, the fact that simply receiving a Mail notification on the Apple Watch could reveal a user’s IP address and bypass Mail Privacy Protection on other devices seemed to be an oversight. Now, Bakry and Mysk have found that Apple has fixed the issue in watchOS 8.5.

    Good news: As of iOS 15.4 and watchOS 8.5 the Mail app on the watch no longer leaks the IP address when downloading remote content. Remote content is blocked on the watch even when Mail Privacy Protection is on. Now you get this prompt: – Mysk (@mysk_co) March 14, 2022
    As of watchOS 8.5, loading remote content is automatically blocked on the Apple Watch, and instead provides an option to “Load Content Directly.” Users can also select “Always Load Content Directly” for all new emails or “Ask to Load Content” on a per-email basis. The improvement was not included in watchOS 8.5’s release notes.
    watchOS 8.5 was released to the public yesterday and the update brings a number of other improvements, including updates to irregular heart rhythm notifications designed to improve atrial fibrillation identification, audio hints in Apple Fitness+ workouts, the ability to authorize Apple TV purchases and subscriptions, and the ability to restore an Apple Watch using an iPhone.