Critical PGP and S/MIME Bugs May Reveal Plaintext of Encrypted Emails

Posted May 14, 2018 at 1:23pm by iClarified

A group of security researchers has found critical vulnerabilities in PGP/GPG and S/MIME email encryption that can reveal the plaintext of encrypted emails, including encrypted emails sent in the past.

Sebastian Schinzel, a professor of computer security at Münster University of Applied Sciences, announced the discovery on Twitter.

"There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now."

The EFF says it has confirmed that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages. The EFF suggests that users "immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email."

Here are the guides posted by the EFF that show you how to temporarily disable PGP plug-ins:
Thunderbird with Enigmail
Apple Mail with GPGTools
Outlook with Gpg4win

Full vulnerability details will be published in a paper that will be posted Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific).