November 9, 2025
Dear VaultSort Users,
We're writing to inform you about important security vulnerabilities that were recently discovered by one of our users, and the comprehensive fixes we've implemented. Your trust is paramount to us, and transparency about both our capabilities and limitations is core to our mission.
What Was Discovered
A security-conscious user conducted thorough testing and identified several critical issues:
Vulnerabilities Found:
- Filename Retention: Original filenames remained visible after secure deletion
- Partial File Recovery: Files could be partially recovered using forensic tools after standard deletion
- Encryption/Decryption Security Exposure: Decrypted files were duplicated on external drives during access, creating security risks
- APFS Copy-on-Write Issues: Advanced filesystem features bypassed secure deletion on external drives
These findings prompted an immediate comprehensive security audit and implementation of fixes.
What We've Fixed
We've implemented extensive security improvements across multiple phases:
Phase 1: Immediate Critical Fixes (Completed)
- Filename Obfuscation Enabled by Default: All secure deletion operations now use 5-pass random filename obfuscation
- Enhanced APFS Detection: Automatic detection of APFS external drives with specialized security protocols
- Copy-on-Write Mitigation: Advanced algorithms specifically designed to defeat APFS filesystem optimization
- Cryptographic Overwrite Patterns: Industry-leading random data patterns that resist forensic analysis
Phase 2: Advanced Security Enhancements (Completed)
- Comprehensive APFS Metadata Clearing: 265 lines of specialized code to clear filesystem journal and metadata structures
- Vault Security Overhaul: Implemented encrypted temporary container system to eliminate cleartext exposure
- Real-time Verification: Deletion effectiveness validation using forensic-grade testing
- Anti-Forensic Obfuscation: Advanced timestamp, metadata, and attribute scrambling
Recent Progress Tracking Improvements (Completed)
- YubiKey Progress Fixed: Encryption/decryption operations now show continuous progress updates instead of staying stuck at 0%
- Secure Deletion Progress Fixed: Progress bars no longer disappear during YubiKey operations with secure deletion
Updated Security Assessment
| Drive Type | Filesystem | Content Recovery | Filename Recovery | Overall Rating |
|---|---|---|---|---|
| Internal | APFS | Impossible | Impossible | 🟢 Excellent |
| Internal | HFS+ | Impossible | Impossible | 🟢 Excellent |
| External | FAT32/exFAT | Impossible | Impossible | 🟢 Excellent |
| External | APFS | Impossible | ⚠️ Advanced tools may recover original filename from deep metadata | 🟡 Very Good |
What This Means for You:
File Content is 100% Secure - Your sensitive data cannot be recovered on ANY drive type
Standard Forensic Tools are Defeated - Tools like Disk Utility, PhotoRec, and basic recovery software find nothing
⚠️ One Limitation: Advanced forensic software may recover original filenames from APFS external drive metadata (content remains completely secure)
Our Testing Process
We don't just claim security - we prove it:
- Professional Forensic Validation: Tested against DiskDrill Pro and other industry-standard tools
- Real-World Scenarios: Multiple test cycles with distinctive filenames and content
- Cross-Platform Testing: Verified effectiveness across different drive types and filesystems
- Continuous Improvement: Ongoing security research and enhancement
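The canary-style check described in this list (distinctive filenames and content, then a search for remnants) can be reproduced against a raw image of a test volume. This is an added example, not VaultSort's code; the `VSCANARY` prefix, the function names and the use of a raw image file as input are assumptions.

```python
import secrets


def make_canary(prefix="VSCANARY"):
    """Return (filename_token, content_marker) unique to this test run."""
    tag = secrets.token_hex(8).upper()
    return f"{prefix}{tag}", f"{prefix}-CONTENT-{tag}".encode()


def needles_for(name_token, content_marker):
    """Byte patterns to hunt for: content, plus the name in two encodings."""
    return {
        "content": content_marker,
        "name-utf8": name_token.encode("utf-8"),
        "name-utf16le": name_token.encode("utf-16-le"),
    }


def scan_image(path, needles, chunk_size=1 << 20):
    """Return {label: sorted offsets} for each needle found in a raw image."""
    hits = {label: set() for label in needles}
    overlap = max(len(n) for n in needles.values()) - 1
    tail, base = b"", 0  # tail carries bytes across chunk boundaries
    with open(path, "rb") as img:
        while chunk := img.read(chunk_size):
            buf = tail + chunk
            start = base - len(tail)  # file offset of buf[0]
            for label, needle in needles.items():
                pos = buf.find(needle)
                while pos != -1:
                    hits[label].add(start + pos)
                    pos = buf.find(needle, pos + 1)
            tail = buf[-overlap:] if overlap else b""
            base += len(chunk)
    return {label: sorted(offs) for label, offs in hits.items()}


def verdict(hits):
    """Summarise which canary artefacts survived deletion."""
    return {
        "content_recovered": bool(hits["content"]),
        "filename_recovered": bool(hits["name-utf8"] or hits["name-utf16le"]),
    }
```

A clean scan is evidence rather than proof: a filesystem may split a long name across directory entries or store data compressed or encrypted, so a remnant can exist without matching these byte patterns.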
Security Best Practices
For Maximum Security:
- Use internal drives for files requiring complete forensic invisibility
- Use encrypted external drives when possible (FileVault, BitLocker, etc.)
- Combine secure deletion with full-disk encryption
For Standard Security (Most Users):
- VaultSort provides excellent protection against all common threats
- Substantial security improvement over basic file deletion
- Appropriate for personal, business, and compliance requirements
Why This Matters
Transparency Builds Trust: Unlike tools that make unrealistic "100% unrecoverable" claims, we test against real forensic software and tell you exactly what we can and can't do.
Continuous Improvement: When vulnerabilities are discovered, we don't hide them - we fix them comprehensively and share our findings.
Security-First Development: Every feature is designed with security as the primary concern, not an afterthought.
Thank You
To our security researcher: Thank you for your thorough testing and responsible disclosure. User feedback like yours makes VaultSort better for everyone.
To Our Community: Your trust drives our commitment to transparent, effective security. We'll continue to be honest about both our capabilities and limitations.
Action Required
Current users: Update to the latest version to receive all security improvements automatically.
Questions? Contact our support team - we're here to help you understand and optimize your security setup.
VaultSort: Security you can trust - honest assessment, real protection.
- We test against professional forensic tools so you don't have to wonder if your data is truly secure.
Best regards,
The VaultSort Security Team
- This update affects VaultSort versions 1.26.6 and later. All security improvements are automatically enabled - no user action required beyond updating to the latest version.