GPGMailSecurity researchers are warning users of PGP/GPG email encryption plugins not to use the software, after critical vulnerabilities were discovered that could potentially be used reveal the plaintext of encrypted emails.

The official advice from security researchers is to disable and/or uninstall the affected software until the vulnerabilities are disclosed and fixes can be issued. In the meantime, users are advised to seek alternative end-to-end encrypted channels such as Signal to send and receive sensitive content.

This short how-to guides users through the steps necessary to remove the popular open-source encryption plugin GPG Tools (GPGMail) from Apple Mail. It requires deleting a "bundle" file used by the app. Users' existing encryption keys are not affected by the procedure and will remain on their hard disk. GPGTools has also since published a temporary workaround that it believes mitigates against similar so-called "Efail" attacks.

How to Uninstall GPG Tools from Apple Mail

  1. Quit Apple Mail if it is running (Mail -> Quit Mail in the menu bar).

  2. Click on the desktop and in the Finder menu bar, select Go -> Go to Folder....
    go to folder menu bar

  3. In the Go to Folder dialog that appears, type /Library/Mail/Bundles and click Go.
    go to mail folder

  4. Delete the GPGMail.mailbundle file by either dragging it to the trash in your dock or by right-clicking (Ctrl-clicking) it and selecting Move to Trash in the contextual dropdown menu. If you don't see the mailbundle file, return to the previous step but type ~/Library/Mail/Bundles in the Go to Folder dialog (note the tilde (~) character denotes your home folder).
    delete mailbundle gpg

  5. Enter your administrator password if prompted to confirm the action.

After following the above steps, the GPG Tools email plugin will be gone from Apple Mail the next time you launch the client.

Top Rated Comments

CarlJ Avatar
38 months ago
That’s not good. But uninstalling is an overreaction. Wait for a fix.
Agreed. This article seems akin to "Researchers have discovered that seatbelts don't always work - here's how to cut them out of your car" (the dealer will really appreciate that when you take it in for repair). Well, great, when they come up with an updated app, it'll be harder to get it installed. How about just hold off on encrypting things for a bit.
[doublepost=1526316516][/doublepost]
The official advice from security researchers is to disable and/or uninstall the affected software until the vulnerabilities are disclosed and fixes can be issued. In the meantime, users are advised to seek alternative end-to-end encrypted channels ...

This short how-to guides users through the steps necessary to remove the popular open-source encryption plugin GPG Tools (GPGMail) ('https://gpgtools.org') from Apple Mail.
This article seems ill-advised. How about telling people how to temporarily disable the software, rather than rushing through a multi-step process to delete it?
Score: 2 Votes (Like | Disagree)
Westside guy Avatar
38 months ago
Removing it seems like overkill, assuming the fix is indeed “coming very soon”. It’s easy to have it off by default (which is how I use it - it’s uncommon for me to need to send an encrypted email, but occasionally the need is there).

It is also unclear whether my encrypted emails are affected since I use plaintext emails by default.
Score: 1 Votes (Like | Disagree)
Detektiv-Pinky Avatar
38 months ago
I don't think removing PGP is solving any problem.

If, as the researchers claim, any previously send Email is at risk, removing the software now does not magically makes these Emails secure.

At the moment too little is known to fully understand the problem. Most security problems require certain elements to make an attack successful in the wild. From what I have gathered so far, the attack is successful against MIME-encoded Emails. So changing your Email-settings to send them as 'plain-text' may be far more effective than blindly uninstalling PGP.
Score: 1 Votes (Like | Disagree)
Telos101 Avatar
38 months ago
I don't think removing PGP is solving any problem.

If, as the researchers claim, any previously send Email is at risk, removing the software now does not magically makes these Emails secure.
As I understand it, the uninstall advice from EFF seems to be a protective measure for people who expect the encryption to 'just work' in their mail app of choice. At least this way they know their emails aren't secure and can choose a different means of communicating. Signal does seem a good alternative for now.
Score: 1 Votes (Like | Disagree)

Top Stories

april 2021 event coverage feature

Apple Event Live Coverage: New iPads, AirTags, and More Expected [Event Over]

Tuesday April 20, 2021 9:07 am PDT by
Apple's virtual "Spring Loaded" event kicks off today at 10:00 a.m. Pacific Time, with Apple expected to debut updated iPad models and perhaps some other hardware such as AirTags or iMac models based on Apple silicon. Apple is providing a live video stream on its website, on YouTube, and in the company's TV app across its platforms. We will also be updating this article with live blog...
m1 imac colors

Apple Announces Redesigned iMac With M1 Chip and Seven Color Options

Tuesday April 20, 2021 10:22 am PDT by
Apple has announced a new, redesigned 24-inch iMac, featuring an M1 chip, a 4.5K display, and a range of color options, as well as an improved cooling system, front-facing camera, speaker system, microphones, power connector, and peripherals. The new iMac features a completely new compact design, and comes in a range of seven striking colors, including green, yellow, orange, pink, purple,...
iphone 12 preorder purple

Apple Launching iPhone 12 and 12 Mini in New Purple Color on April 30

Tuesday April 20, 2021 10:08 am PDT by
Apple today announced that the iPhone 12 and iPhone 12 mini will be available in a new purple color starting April 30, with pre-orders starting this Friday. Apple is also releasing a new MagSafe Leather Case and Leather Sleeve in Deep Violet, a Silicone Case in Capri Blue, Pistachio, Cantaloupe, or Amethyst, and a Leather Wallet in Arizona, all available to order beginning today. iPhone...
14

Apple Says iOS 14.5 Will Be Released 'Next Week'

Tuesday April 20, 2021 11:08 am PDT by
Apple today in a press release about its new AirTag item tracker announced that iOS 14.5 and iPadOS 14.5 will be available starting "next week." iOS 14.5 and iPadOS 14.5 are packed with new features, including the ability for iPhone users who are wearing an Apple Watch to unlock the iPhone with Face ID while wearing a mask. iOS 14.5 and iPadOS 14.5 will also be the minimum software versions...
ipad pro with m1 chip

Apple Introduces Next-Generation iPad Pro With M1 Chip, Thunderbolt, 5G, XDR Display, and More

Tuesday April 20, 2021 10:40 am PDT by
Apple today announced the next-generation iPad Pro with the same M1 chip found in the latest Macs, Thunderbolt and USB4 support, 5G connectivity on cellular models with mmWave support in the United States, and more. With an 8-core CPU and 8-core GPU, Apple says the M1 chip in the new iPad Pro provides up to 50% faster performance and up to 40% faster graphics compared to the A12Z Bionic chip ...
f1618938547

Apple Announces AirTag Tracking Devices Starting At $29 Each

Tuesday April 20, 2021 10:10 am PDT by
Apple today announced AirTag, a Tile-like Bluetooth tracking device that's designed to be attached to items like keys and wallets for tracking purposes, letting you find them right in the Find My app. AirTags are accessories for attaching to backpacks, luggage, and other items. Any U1 device like the iPhone 12 can be used for precision finding to guide you right to the item you're looking...
Ports 2021 MacBook Pro Mockup Feature 1 copy

Stolen MacBook Pro Schematics Confirm Apple's Plans to Add More Ports and Remove Touch Bar

Wednesday April 21, 2021 10:31 am PDT by
Schematics stolen from Apple supplier Quanta Computer outline Apple's plans for the next-generation MacBook Pro models that are expected in 2021, and clearly confirm plans for additional ports and a return to MagSafe. MacRumors saw the schematics after they were leaked online, and some of them feature the logic board of the next-generation MacBook Pro. On the right side of the machine,...
iPad Pro

New 12.9-Inch iPad Pro Will Be 0.5mm Thicker to Accommodate Mini-LED Display

Monday April 19, 2021 11:30 am PDT by
The upcoming 12.9-inch iPad Pro will be thicker than the previous-generation version, likely due to the inclusion of the mini-LED display. We've heard several rumors about the change in thickness, and now leaked design images have confirmed it. A source that designs accessories for Apple devices sent MacRumors a series of photos that feature exact dimensions for the new iPad Pro models, and...
iPad Pro Feature Orange

Wedbush Analysts Say 'Spring Loaded' Event Will Debut New iPads With 'Modest Price Increase,' Along With 'a Few Surprises'

Monday April 19, 2021 6:37 am PDT by
Apple is planning to launch a new entry-level iPad, iPad mini, and iPad Pro at its "Spring Loaded" event tomorrow, along with "a few surprises," according to Wedbush analysts. In a new note to investors, seen by MacRumors, Wedbush analysts Daniel Ives and Strecker Backe explained that the iPad will be the main focus of Apple's "Spring Loaded" event, with new entry-level iPad, iPad mini, and ...
maxresdefault

Apple Event 2021: Everything Apple Announced at Its 'Spring Loaded' Event in Just 6 Minutes

Tuesday April 20, 2021 4:23 pm PDT by
Apple today held its first event of 2021, and it was one of the most exciting events that we've seen in some time. Apple announced a whole slew of new products, including an M1 iMac, an M1 iPad Pro, a refreshed 4K Apple TV, and the long-awaited AirTags. Subscribe to the MacRumors YouTube channel for more videos. It took Apple an hour to introduce all of the new devices during its virtual...