Apple Mail S/MIME
Apple Mail's S/MIME encryption implementation on macOS has been silently failing open. For a really long time. It has been and still is easy to send out letters with encryption just seemingly enabled.
During this period of time I've also acquired a second S/MIME certificate, so these issues are not limited to one keypair. It is however untested if the issue exists with EcDSA certificates.
Initially I only noticed this with text/plain letters, but it got significantly worse with the 12.6.3 Monterey update, failing in all but very few cases (tables below).
There are three Mail configuration options that affect if and when these vulnerabilities occur. The primary one is "Use the same message format as the original message", having this option enabled will override the set compose format and can both down- and upgrade the communication's encryption. The second option is "Preferred Message Format", choosing rich text avoided the bug for a while but there were regressions. Lastly, enabling "Quoting the text of the original message" can leak both previously encrypted content or cause the letter to be forced rich text (text/html or text/html + text/plain).
- Even though settings allow picking between "Plain text" and "Rich text" there are at least three different modes:
- Plain text
- Rich text that can be cleanly represented in plain text (for example just bold text), the letter contains both text/plain and text/html sub-parts
- Rich text that requires the use of HTML (has no fallback)
Behaviour per version
This section will describe the possible incoming letters, the required settings and the final outcome - was the encryption successful or not.
Oldest (macOS 12.3.1)
Version 3696.80.82.1.1
Plain text (text/plain)
Input |
Output |
|---|---|
text/plain |
❌ Fail - Message format is plain text or follow original message format enabled |
text/html |
❌ Fail - Message format must be plain text and follow original message format disabled |
Rich text
Input |
Output |
|---|---|
text/plain |
✔️ Success - Message format is rich text and follow original message format is disabled |
text/html |
✔️ Success - Message format must be rich text or follow original message format enabled and the message must contain elements that require the use of HTML |
Rich text (text/html + automatic text/plain)
Input |
Output |
|---|---|
text/plain |
✔️ Success - Message format is rich text |
text/html |
✔️ Success - Message format must be rich text or follow original message format enabled |
macOS 12.6.2/12.6.3
Version 3696.120.41.1.1 (and 3696.120.41.1.2)
Plain text (text/plain)
Input |
Output |
|---|---|
text/plain |
❌ Fail - Message format is plain text or follow original message format enabled |
text/html |
❌ Fail - Message format must be plain text and follow original message format disabled |
Rich text
Input |
Output |
|---|---|
text/plain |
❌ Fail - Message format is rich text |
text/html |
❌ Fail - Message format must be rich text or follow original message format enabled |
Rich text (text/html + automatic text/plain)
Input |
Output |
|---|---|
text/plain |
✔️ Success - Message format is rich text and follow original message format is disabled |
text/html |
✔️ Success - Message format must be rich text or follow original message format enabled and the message must contain elements that require the use of HTML |
macOS 13.3.1 (a)
Version 3731.500.231 generally works, except when you reply to a message
Plain text (text/plain)
Input |
Output |
|---|---|
text/plain |
❌/⚠️Fail - Partial success if it's not a reply |
text/html |
❌/⚠️Fail - Partial success if it's not a reply |
Rich text
Input |
Output |
|---|---|
text/plain |
❌/⚠️Fail - Partial success if it's not a reply |
text/html |
❌/⚠️Fail - Partial success if it's not a reply |
Rich text (text/html + automatic text/plain)
Input |
Output |
|---|---|
text/plain |
❌/⚠️Fail - Partial success if it's not a reply |
text/html |
❌/⚠️Fail - Partial success if it's not a reply |
Short summary per version
- Mail 16.0 (3696.80.82.1.1) - Generates invalid signatures for text/plain messages. Fails to encrypt text/plain messages sending them out in plaintext. Upgrade to rich text or fully HTML emails work.
- Mail 16.0 (3696.120.41.1.1) - Fails to encrypt text/plain messages. Fails to encrypt letters that are rich text without components that would require HTML. HTML letters are encrypted properly.
- Mail 16.0 (3696.120.41.1.2) - Same as 3696.120.41.1.1
- Mail 16.0 (3731.500.231) - Fails to encrypt replies
Timeline
Generally Apple's responsiveness has been disappointing. The issue was resolved after more than 434 days.
- 07.04.2022 - Reported Apple Mail generating invalid S/MIME signatures for text/plain letters
- 07.04.2022 - Reported Apple Mail failing to encrypt text/plain letters, falling back to plaintext
- 27.04.2022 - Apple saying invalid text/plain S/MIME signatures are only considered a bug
- 02.09.2022 - Claim from Apple about the next beta update fixing the encryption issue
- 03.10.2022 - Reported that there's a significant regression with build 3696.120.41.1.1
- 20.12.2022 - Claim from Apple about the next beta update fixing the issue
- 12.01.2023 - Reported that the regression is still there
- 27.01.2023 - Claim that Ventura (13.2) Mail version 16.0 (3731.400.51.1.1) fixes the issue
- 02.02.2023 - Reported that my Intel Mac doesn't support Ventura and that the latest Monterey still has the issue
- 27.02.2023 - Request for a follow-up
- 31.03.2023 - Acquired a Macbook with Ventura (13.3) and reported Mail Version 16.0 (3731.500.231) still has the issue
- 14.09.2023 - Apple says that they still have security updates planned that will ship in the fall
- 27.09.2023 - Update release notes do not mention the flaw being fixed
- 27.09.2023 - Apple says that they still have updates planned for the near future
- 30.10.2023 - Request for update
- 31.10.2023 - Apple says they have published a notice (https://support.apple.com/en-us/HT213844) and assigned CVE-2023-40440 (https://nvd.nist.gov/vuln/detail/CVE-2023-40440)