"It is astonishing that these vulnerabilities are still present in current versions of Thunderbird or Apple Mail", the researchers wrote. On the other hand, S/MIME is used mainly in enterprise infrastructure. They have published guides for Thunderbird, Apple Mail, and Outlook.
A set of vulnerabilities in the encryption technologies used to secure sensitive emails threaten to expose corporate communications as well as the messages of at-risk users such as journalists, political dissidents and whistleblowers operating in hostile environments.
Although further details on the encryption flaws were expected to go public by May 15th, they have leaked early. Indeed, after any bug reports get published, attackers often begin exploiting the new flaws within hours.
If you are asked for the admin password, enter it to confirm the action.
But on Monday, Munich newspaper Süddeutsche Zeitung appeared to break that embargo. From there, the actor manipulates the ciphertext of the email. "There is a real attack that can be exploited by people that allows them to decrypt a lot of encrypted email".
Matthew Green, professor and all-around expert on cryptography, is one of the tech activists who fired off a series of tweets about EFAIL.
Overwatch's New Anniversary Event Kicks Off Next Week, Includes Free Weekend
Legendary Anniversary loot boxes will also be available, which guarantee one, non-duplicate item of the aforementioned class. This post contains affiliate links where DualShockers gets a small commission on sales.
In the wake of the new research, Green tells Süddeutsche Zeitung: "This is another bullet hole in an already perforated auto".
As of now, there are not many details available on the latest vulnerability, but more information is expected to be shared by the researchers soon.
Electronic Frontier Foundation (EFF) in a separate blog post recommended users to immediately disable email tools that automatically decrypt PGP-encrypted email.
But some think the vulnerability warning is overblown. "Or if you really need to read them use a proper MIME parser and disallow any access to external links", he says.
SZ described the findings as "so devastating that confidence in encrypted emails is likely to be lost, at least for the foreseeable future".
The flaws, collectively dubbed EFAIL by the team of European researchers who discovered it, affect the end-to-end encryption protocols known as OpenPGP and S/MIME.