The vulnerability exists in at least the last four versions of macOS, ranging from Sierra to Catalina.

This isn’t as glaring a flaw as it sounds. To be vulnerable, you’d have to use Mail, send encrypted messages from Mail and leave FileVault’s whole-drive encryption turned off. If you rely on a third-party email client or use FileVault, you’re not affected. You can also remove Mail from snippets.db by going to System Preferences > Siri > Siri Suggestions & Privacy > Mail and switching off the “learn from this app” option. It’s not clear when the patch will be ready, but you won’t have to stay exposed in the meantime.

Nonetheless, this isn’t what you’d call confidence-inspiring. Gendler noted that he reported the issue on July 29th, and that Apple didn’t respond with a solution until November 5th. That’s a long time to leave email content exposed, even if the likelihood of an attack is slim in practice. It suggests that Apple still has room to speed up its responses to vulnerabilities.