A vulnerability has been found in Apple Mail that allows reading encrypted emails

Computer security researchers found a vulnerability in popular email clients, because of which you can read the letters encrypted with PGP and S / MIME. This is written by the publication 9to5Mac.

A vulnerability has been found in Apple Mail that allows reading encrypted emails

Most emails are sent in plain text. But some companies and users use PGP and S / MIME encryption methods for outgoing emails. Experts have found that intruders can intercept and read these letters.

The problem concerns only emails sent in HTML format using the tag <img> to insert an image. Such a letter inside is divided into three parts: the first one contains a tag <img>, then there is an encrypted text, and the continuation of the tag closes the letter <img>. This leads to the fact that the mail program decrypts the text, taking it for the address of the picture.

A vulnerability has been found in Apple Mail that allows reading encrypted emails

When a user opens a message, the email program tries to load the image at the address specified by the attacker. The scammer server logs the request and stores the decrypted copy of the message.

A vulnerability has been found in Apple Mail that allows reading encrypted emails

The problem mainly affects applications for e-mail on computers and smartphones. The human rights organization Electronic Frontier The Foundation issued instructions explaining how to disable PGP encryption in Apple Mail, Mozilla Thunderbird and Microsoft Outlook. But this is only a temporary measure, as specialists explain. A full-fledged working solution to the problem has not yet been found. Users are also advised to temporarily stop using PGP when working with mail.

Decryption of messages encrypted using the S / MIME protocol is more complicated than PGP. But Apple discovered this error in March and fixed it in the standard macOS mail client High Sierra 10.13.4 and iOS 11.3. Probably, the problem with PGP-encryption will be fixed in future updates.

Follow the news in our Telegram channel (if you can bypass the lock), as well as in the MacDigger application on iOS.

Join us on Twitter, VKontakte, Facebook, Google+ or via RSS to keep up to date with the latest news from the world of Apple, Microsoft and Google.

Leave a Reply

Your email address will not be published. Required fields are marked *