iOS and watchOS Updates Fix IP Address Leaks in Mail on Apple Watch
16 MARCH 2022 - Great news from this week’s updates. The watchOS 8.5 update and the iOS 15.4 update fix an information leak tied to Mail on Apple Watch.
“Last year,” says a piece from MacRumors, “it emerged that Apple's Mail Privacy Protection feature was undermined by a lack of Apple Watch support.” Basically, a researcher named Tommy Mysk found out that, if you had email activated on Apple Watch, the device was downloading all of the remote content associated with an email using a users actual IP address — even if they had Mail Privacy Protection turned on on iPhone. That happened even if the user didn’t open the email, basically undoing Mail Privacy Protection. We actually talked a lot about this on an episode of The. Checklist by SecureMac: Checklist 256 - A Lack of Mail Privacy Protection. At the time, the only way to keep Mail Privacy Protections in place was by disabling Mail notifications on Apple Watch. Now though, Apple has quietly fixed the issue. MacRumors had Mr. Mysk, one the guys who found the issue in the first place posting about the fix. Yesterday on Twitter he said:
Good news: As of iOS 15.4 and watchOS 8.5 the Mail app on the watch no longer leaks the IP address when downloading remote content. Remote content is blocked on the watch even when Mail Privacy Protection is on.