As part of its efforts to increase the privacy of its products, Apple introduced, with iOS/iPadOS 15 and macOS Monterey 12, the Application Mail Privacy Protection (Email Privacy Protection) — which, in short, hides the user’s IP address and loads content remotely privately, blocking your activity from being tracked through incoming messages.
Shortly after its launch, however, research revealed that the app Mail for watchOS continued to leak users’ IP address even with the feature enabledwhich could compromise its effectiveness on all devices. With yesterday’s launch of watch OS 8.5however, Apple appears to have finally patched this vulnerability.
The discovery of the patch was made by security research duo Bakry and Misk, who were responsible for disclosing the flaw in November last year. According to them, the version of the Mail app for watchOS now blocks the download of any remote content included in incoming emails (like images, for example) by default — that’s when the Email Privacy Protection it’s on.
If you still want to open the content contained in the messages, just tap on the “Download content directly” option to view it directly from your watch. It is always possible to choose between always downloading content automatically or only if the user allows it.
Although not included in the watchOS 8.5 release notes, the patch is timely and addresses one of the major vulnerabilities in Apple’s native email client.
In addition, the new version of the system that equips Apple Watches is coming with new emojis, new atrial fibrillation identification notifications and more. If you haven’t updated your watch yet, learn how to install the update in this post.