A glitch in OS X Yosemite’s Spotlight search can expose private details if you’re an Apple Mail user. The glitch exposes your IP address and other system details to spammers and other online tracking companies.
When you use Spotlight to search for an email, Spotlight shows a preview of that email. When it does this, it automatically opens external images linked in an HTML email. These emails can include tracking pixels, which can reveal certain details about your system to spammers. In Infoworld’s tests, they were able to send a tracking pixel and gather an IP address, current OS version and some details about the browser.
Spotlight does this even if you’ve switched off the “load remote content in message” option in Mail. The glitch seems to only affect Apple Mail users, so if you’re using a third-party app or web service, you’re fine. At the moment, the only way to prevent it from happening is to disable Mail search in Spotlight. Head to System Preferences > Spotlight, and uncheck the “Mail & Messages” option.