Researchers Discover Vulnerabilities in PGP/GPG Email Encryption Plugins, Users Advised to Avoid for Now
A warning has been issued by European security researchers about critical vulnerabilities discovered in PGP/GPG and S/MIME email encryption software that could reveal the plaintext of encrypted emails, including encrypted messages sent in the past.
The alert was put out late on Sunday night by professor of computer security Sebastian Schinzel. A joint research paper, due to be published tomorrow at 07:00 a.m. UTC (3:00 a.m. Eastern Time, 12:00 am Pacific) promises to offer a thorough explanation of the vulnerabilities, for which there are currently no reliable fixes.
Details remain vague about the so-called "Efail" exploit, but it appears to involve an attack vector on the encryption implementation in the client software as it processes HTML, rather than a vulnerability in the encryption method itself. A
blog post published late Sunday night by the Electronic Frontier Foundation said:
"EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages."
In the meantime, users of PGP/GPG and S/MIME are being advised to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email, and seek alternative end-to-end encrypted channels such as Signal to send and receive sensitive content.
Update: The GPGTools/GPGMail team has posted a temporary workaround against the vulnerability, while MacRumors has compiled a separate guide to removing the popular open source plugin for Apple Mail until a fix for the vulnerability is released. Other popular affected clients include Mozilla Thunderbird with Enigmail and Microsoft Outlook with GPG4win. Click the links for EFF's uninstall steps.
Popular Stories
Apple is "drastically" cutting production of the iPhone Air and shifting focus toward the iPhone 17 and iPhone 17 Pro models, Nikkei Asia reports.
The business publication claims to have learned of a major cut to iPhone Air production motivated by weaker-than-expected consumer interest, nearly to "end of production levels." Despite early reports of the iPhone Air selling out within hours of...
Back in 2012, an Apple retail employee named Sam Sung went viral because his name is similar to Samsung, one of Apple's main competitors. In a recent interview with Business Insider, he detailed that period in his life, how Apple responded, and he explained why he ultimately changed his name.
Someone posted an image of Sung's Apple business card on Reddit in 2012, and it spread rapidly....
The upcoming iOS 26.1 update includes a handful of new features and changes for iPhones, including a toggle for changing the appearance of the Liquid Glass design, "slide to stop" for alarms in the Clock app, and more.
iOS 26.1 is currently in beta testing. The update will likely be released in the first half of November, and it is compatible with the iPhone 11 series and newer, but some...
General Motors began phasing out support for CarPlay in its electric vehicles back in 2023, leading to complaints from iPhone users, but the company has no plans to back down.
In fact, GM is going further and plans to remove CarPlay from all future gas vehicles, too. In an interview with The Verge, GM CEO Mary Barra said that the company opted to prioritize its platform for EVs, but the...
Apple plans to launch a new type of iPhone every year for the foreseeable future, according to an Asia-based source.
The detailed information was shared by the account "yeux1122" in a blog post on the Korean platform Naver, citing domestic trend and component research companies.
Corroborating other reports, Apple will apparently launch its first foldable iPhone in 2026, featuring a...
Apple's new iPhone lineup launched in the fall of 2027 will be called the "iPhone 20" models, rather than the "iPhone 19," according to research firm Omdia.
Speaking at a conference in Seoul (via ETNews), Omdia Chief Researcher Heo Moo-yeol corroborated rumors that Apple plans to move the launch of its standard iPhone to the first half of the year and provided some additional clarity about...
iPhone Air demand failed to meet Apple's expectations and the company's supply chain is scaling back shipments and production, reports Apple analyst Ming-Chi Kuo.
Subscribe to the MacRumors YouTube channel for more videos.
Suppliers are expected to reduce capacity by more than 80 percent between now and the first quarter of 2026, and some components with longer lead times will be discontinued ...
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps.
Starting today, the feature is available to residents of West Virginia. To set it up, open the Wallet app and tap on the plus sign in...
Apple is one of several tech companies that will contribute to the construction of U.S. President Donald Trump's 90,000-square-foot ballroom, reports CNN.
Construction began on the ballroom this week, and the White House's east wing was torn down. Trump claims that the ballroom will cost $350 million, and that it will be privately funded through donations. The cost has already increased $150 ...
