Apple's Spotlight search tool is better than it's ever been on OS X Yosemite, pulling in reams of web information as well as trawling your machine for local content too. But it's also carrying a serious flaw that could expose your data to unsavoury hacker types.
The bug is centred around Apple Mail -- as Spotlight Search indexes emails received within Apple's email client, it also shows previews of emails, including images in HTML messages. This is risky business -- tracking pixels can be inserted into images, revealing user data to the sender. Whereas you may scan and ignore a phishing scam in your inbox, Spotlight's preview feature is leaving the metaphorical window open. Spotlight even loads images sent straight to the junk folder, while switching off the "load remote content in messages" feature (intended to prevent senders tracking which messages have been opened) doesn't alleviate the issue.
Spotlight Search is a handy way of clambering through an overflowing inbox, but until Apple issues a fix, it's probably best to head to the Mac System preferences and switch off email indexing. [Heise]