A new Spotlight bug in OS X Yosemite has reportedly been found compromising the victim's privacy settings in Apple Mail through a backdoor created for spammers, phishers and online advertising-companies.

The backdoor in OS X Mail is found to leak other private data from affected devices such as current operating system installed, browser and surfing details along with other remote content spamming through e-mails.

According to German technology news site Heise, the bug takes advantage of a common information harvesting technique and a Mail setting, which decides if the program needs to load remote content in emails or just block third-party content such as newsletters, HTML-formatted marketing messages and more when the option is turned off by the user.

As iDownloadBlog reports, the Spotlight setting in OS X fails to disable third-party content even after unchecking this option via Spotlight's search settings (see screenshot below).

Spotlight security bug exposes OS X Mac IP address, OS version and browser details: How to fix
Spotlight security bug exposes OS X Mac IP address, OS version and browser details: How to fix

In other words, Spotlight's search mechanism retrieves images and info stored on remote servers regardless of Mail's privacy setting, which could become a major exploit for spammers and advertisers as they use a technique called 'tracking pixels' to communicate the e-mail address and other system-related information to the server.

Consequently, this could compromise the affected user's privacy and security, as there will be no check to prevent unsolicited emails or adverts from third-party sources, besides leaving confidential info out in the open.

How to fix Spotlight bug in OS X Yosemite

Spotlight security bug exposes OS X Mac IP address, OS version and browser details: How to fix
Spotlight security bug exposes OS X Mac IP address, OS version and browser details: How to fix

It is possible to evade this issue by excluding Mail service from the Spotlight Search function through unchecking the Mail and Messages box via System Preferences > Spotlight.

Alternatively, affected OS X Mail users could switch to third-party apps such as Dropbox's Mailbox, Google's Sparrow or Mindscene's Mail Pilot to avoid this issue completely.