The security problem in Apple Mail allows you to read encrypted text

Researchers in the field of security have found problems with the processing of the HTML in the built-in Mail app on iOS and macOS. The same problem found in client Mozilla Thunderbird. This vulnerability allows hackers to see the text messages in an encrypted email. The encrypted letters are commonly used by those who want to keep their correspondence confidential, and that they may have a problem with that.

Email, generally, is not a secure method of communication because of lack of encryption. However, many people use S/MIME or PGP to encrypt email. This is done in cases when the confidentiality of correspondence is really worth keeping intact. However, the information published recently EFAIL, questioned the safety of this method of communication.

The problem is Apple Mail and Mozilla Thunderbird is the way these mail clients handle problems with displaying HTML. If the attacker will receive the encrypted email, he can send this letter back to the sender, which will give him access to your encrypted data without the encryption key. This is the trick that makes the client assume that the encrypted message text is the URL of the image you want to display.

In order to close this security hole, you will need to update the GPG plugin. The update will be available soon. Up to this point, it should be understood that an attacker must be in contact with the sender of the message. The security of your correspondence is reduced if it is a group. In order to have a little more to improve the security of your correspondence, you can disable loading of remote images in the settings of your email client.

Leave a Reply

Your email address will not be published. Required fields are marked *