Quick Look Cache Reveals Sensitive Data From Encrypted Drives

This macOS security vulnerability affects EagleFiler libraries stored on encrypted disks and disk images. EagleFiler makes sure that any cache and temporary files that it creates are stored on the same encrypted volume as the source file. However, the location of the Quick Look cache is not under its control.

EagleFiler uses Quick Look:

  • To generate thumbnails of image files for use as icons in the records list. To avoid the caching issue, you can click this link to tell EagleFiler to use generic icons rather than Quick Look–generated thumbnails. (Click here to go back to the default).

  • To display files when you use the Quick Look command. To avoid the caching issue, you can refrain from using this command.

  • To display certain kinds of image files in the main viewer pane. A future version of EagleFiler will offer a way to use a different image viewing engine if you need to avoid Quick Look for privacy reasons.

  • To display third-party document files in the main viewer pane, using the Quick Look plug-in for that app.

If you have already used Quick Look to display sensitive files stored on an encrypted drive, you will want to delete the contents of the folder:

$TMPDIR/../C/com.apple.QuickLook.thumbnailcache/

The DisplayImagesWithQuickLook esoteric preference is now available.