Spotlight for OS X Yosemite has glitch that may expose your info

If you use Spotlight search in OS X Yosemite, we encourage you to stop and read this before you proceed. A glitch has been discovered that could give up sensitive info about your location without your knowledge. The info finds its way to hackers via spamming, where those who find themselves in your email box may then see their way to Spotlight search. In Spotlight, the email sender can gain access to your IP address as well as system details.

Luckily (or maybe not) this has only been proven for Apple Mail users. If you use a third-party email client like AirMail, you're fine.

Spotlight is OS X Yosemite's searchable database for just about everything that goes on with your Mac, at least via Apple products. With Apple Mail, Spotlight automatically loads external images linked to an HTML email. It also sidesteps an Apple Mail security feature, which is the real issue.

In Apple Mail, users can opt to disable the loading of remote content in messages (like those linked to an HTML email). Spotlight ignored this feature, which is often instituted to prevent senders from knowing if you've opened their message or not.

Spotlight loads previews of emails, which automatically loads the images, and thus gives spammers access to your IP address and other system info. It can also make that info available to marketing agencies which embed email tracking info to know if you're seeing their messages.

Source: Heise