Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients.
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/97629