macOS: This Feature That You Use Every Day Can Expose Your Encrypted Data


Very practical in daily use, the macOS file preview function contains a small "breach" that gives access to all or part of the data (encrypted or not) that you preview with it.

Introduced in Leopard (Mac OS X 10.5) in 2007, the Quick Look feature quickly became very popular. It must be said that it is extremely convenient to be able to preview a file without having to open it in the application meant to handle it.


How does it work?

Whenever you take a quick look at a file, macOS keeps a thumbnail of that document. This representation of the file contains the file's full name, its path and a reduced image that shows some of the content. Nothing fundamentally problematic?

Sadly, there is a problem. The information generated by the preview is stored in a cache on an unencrypted part of the disk, even if the function was used to preview an encrypted file, whether that file sits on an encrypted part of the Mac's storage or on an encrypted external volume.

In other words, there is a significant risk of exposing data that you wanted to protect. Worse, any storage disk that has been connected to the machine may have left behind glimpses of its files, because the thumbnail is kept on the hard drive even if the original volume is disconnected or, worse, if the source file is erased, warn Patrick Wardle and Wojciech Regula, the two computer security experts behind this revelation.


A solution pending a fix

This security breach is not necessarily serious. A malicious person must have had access to your Mac, or have installed malware on it, to be able to draw on this list of thumbnails. For now, the solution is simple: continue to use the preview, but remember to delete the directory that contains the thumbnails, especially if you have viewed confidential information from an encrypted USB key, for example.

The procedure is carried out from the Terminal and requires a restart of the machine.

  • 1 - With the Cmd + Space shortcut, activate Spotlight.

  • 2 - In the input window that opens, type Terminal and confirm.

  • 3 - Once the Terminal is open, after the prompt, enter:
    rm -rf "$TMPDIR/../C/com.apple.QuickLook.thumbnailcache"
    and confirm the command.

  • 4 - Then type sudo reboot. Confirm once again and enter your administrator password.

Rebooting the Mac after deleting the directory creates a new one, totally blank. This is something that many common removal commands could not do.
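
To check whether the cache directory from step 3 holds anything before and after the removal, here is an added example that is not part of the original post. The function names and the output format are assumptions of this example, and it only counts files without opening them.

```shell
#!/bin/sh
# Added example: audit the Quick Look thumbnail cache directory named in step 3.
# Function names and output format are assumptions of this example.

# Build the cache path the same way the removal command does.
# Optional argument: a temp directory to use instead of $TMPDIR.
ql_cache_dir() {
    printf '%s\n' "${1:-$TMPDIR}/../C/com.apple.QuickLook.thumbnailcache"
}

# Print "absent", "empty", or "present files=N kbytes=K" for a cache directory.
ql_cache_status() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "absent"
        return 0
    fi
    files=$(find "$dir" -type f | wc -l | tr -d ' ')
    if [ "$files" -eq 0 ]; then
        echo "empty"
        return 0
    fi
    kbytes=$(du -sk "$dir" | awk '{print $1}')
    echo "present files=$files kbytes=$kbytes"
}

# Remove the cache, then confirm nothing is left behind.
# Returns non-zero if files are still present afterwards.
ql_cache_purge() {
    dir=$1
    rm -rf "$dir"
    case "$(ql_cache_status "$dir")" in
        absent|empty) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone run: report the state of the current user's cache only.
ql_cache_status "$(ql_cache_dir)"
```

Running ql_cache_status again after the reboot shows whether the recreated directory has started to fill up with new thumbnails.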

I’m now hoping that Apple will quickly correct this problem, which undermines the information security of its Mac users. This is all the more embarrassing given that the Cupertino company generally presents the protection of our private data as its priority.
