Researchers Discover Vulnerabilities in PGP/GPG Email Encryption Plugins, Users Advised to Avoid for Now
A warning has been issued by European security researchers about critical vulnerabilities discovered in PGP/GPG and S/MIME email encryption software that could reveal the plaintext of encrypted emails, including encrypted messages sent in the past.
The alert was put out late on Sunday night by professor of computer security Sebastian Schinzel. A joint research paper, due to be published tomorrow at 07:00 a.m. UTC (3:00 a.m. Eastern Time, 12:00 am Pacific) promises to offer a thorough explanation of the vulnerabilities, for which there are currently no reliable fixes.
Details remain vague about the so-called "Efail" exploit, but it appears to involve an attack vector on the encryption implementation in the client software as it processes HTML, rather than a vulnerability in the encryption method itself. A
blog post published late Sunday night by the Electronic Frontier Foundation said:
"EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages."
In the meantime, users of PGP/GPG and S/MIME are being advised to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email, and seek alternative end-to-end encrypted channels such as Signal to send and receive sensitive content.
Update: The GPGTools/GPGMail team has posted a temporary workaround against the vulnerability, while MacRumors has compiled a separate guide to removing the popular open source plugin for Apple Mail until a fix for the vulnerability is released. Other popular affected clients include Mozilla Thunderbird with Enigmail and Microsoft Outlook with GPG4win. Click the links for EFF's uninstall steps.
Popular Stories
Apple's recently announced CarPlay Ultra promises a deeply integrated in-car experience, but not all iPhone users will be able to take advantage of the new feature.
According to Apple's press release, CarPlay Ultra requires an iPhone 12 or later running iOS 18.5 or later. This means if you're using an iPhone 11, iPhone XR, or any older model, you'll need to upgrade your device to access...
Apple today announced that its next-generation CarPlay experience, now dubbed "CarPlay Ultra" begins rolling out today, starting with Aston Martin vehicles.
Subscribe to the MacRumors YouTube channel for more videos.
CarPlay Ultra is now available with new Aston Martin vehicle orders in the U.S. and Canada. It will also be available for existing models that feature the brand's next-generation ...
Apple today announced the launch of CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles.
CarPlay Ultra features deep integration with a vehicle's instrument cluster and systems, built-in Radio and Climate apps, customizable widgets, and more. The interface is tailored to each vehicle model and automaker's identity, and drivers can also adjust...
President Donald Trump has asked Apple CEO Tim Cook to halt the company's manufacturing expansion in India, in a potential disruption of Apple's plan to shift iPhone production away from China.
"I had a little problem with Tim Cook yesterday," Trump said during his state visit to Qatar, according to Bloomberg. "He is building all over India."
"They [India] have offered us a deal where...
Apple this week introduced a new feature designed to allow prospective Apple Music users to import their saved music and playlists from third-party music services to Apple Music.
The feature is either in an expanded testing phase or it has started rolling out, and it is available in Australia and New Zealand according to an Apple Support document. Signs of the transfer option first surfaced...
The first videos of Apple's CarPlay Ultra experience are now available, providing a never-before-seen look at the long-anticipated iPhone-linked infotainment software.
British automaker Aston Martin today shared the first video of Apple's CarPlay Ultra experience in-action, followed by a detailed walk-through of the CarPlay Ultra system on Top Gear's YouTube channel, which provides the...
Apple's Vision Pro headset has left many early adopters expressing dissatisfaction over its weight, limited use cases, and sparse software ecosystem, according to a new article from The Wall Street Journal.
In the year following the device's launch, user feedback suggests that it has failed to meet expectations for comfort, software support, and social acceptance. In interviews conducted by T...
