watchOS 8.5 Fixes Mail Privacy Protection Loophole That Could Expose IP Addresses

watchOS 8.5 fixes a security vulnerability in the Mail app that could leak a user's address when they download remote content.

The Mail Privacy Protection feature was undermined by a lack of Apple Watch support. Mail Privacy Protection is a new feature that hides your email address so senders are not able to determine your location or link email habits to your other online activity. It prevents senders from knowing whether you opened an email, viewed an email, or forwarded an email.

The feature assigns a random address to your general region in order to make email senders see generic information rather than specific information about you.

The Apple Watch does not hide a recipient's internet address, but security researchers and developers Talal Haj Bakry and Tommy Mysk discovered that since the Apple Watch does not hide a recipient's internet address, the feature is only available for iPhone, iPad, and Mac only.

Mail Privacy Protection on the ios is enabled, but the Apple watch downloads remote content, such as images, using the recipient's realip address, even for users who have enabled it.

Mail Privacy Protection is exclusive to ios 15, ipadOS 15, and macOS Monterey. Apple has fixed the issue in watchOS 8.5, according to Bakry and Mysk.

Good news: As of iOS 15.4 and watchOS 8.5 the Mail app on the watch no longer leaks the IP address when downloading remote content. Remote content is blocked on the watch even when Mail Privacy Protection is on. Now you get this prompt: https://t.co/Ocs0iXt4YM pic.twitter.com/Yea2fQxWlO — Mysk 🇨🇦🇩🇪 (@mysk_co) March 14, 2022

Load remote content is blocked on the Apple Watch, and users can choose to load it directly. The improvement was not included in the release notes.

watchOS 8.5 was released to the public yesterday and brings a number of other improvements, including updates to irregular heart rhythm notifications, audio hints in Apple Fitness+ workouts, the ability to authorize Apple TV purchases and subscriptions, and the ability to restore an Apple Watch.