GPGMailSecurity researchers are warning users of PGP/GPG email encryption plugins not to use the software, after critical vulnerabilities were discovered that could potentially be used reveal the plaintext of encrypted emails.

The official advice from security researchers is to disable and/or uninstall the affected software until the vulnerabilities are disclosed and fixes can be issued. In the meantime, users are advised to seek alternative end-to-end encrypted channels such as Signal to send and receive sensitive content.

This short how-to guides users through the steps necessary to remove the popular open-source encryption plugin GPG Tools (GPGMail) from Apple Mail. It requires deleting a "bundle" file used by the app. Users' existing encryption keys are not affected by the procedure and will remain on their hard disk. GPGTools has also since published a temporary workaround that it believes mitigates against similar so-called "Efail" attacks.

How to Uninstall GPG Tools from Apple Mail

  1. Quit Apple Mail if it is running (Mail -> Quit Mail in the menu bar).

  2. Click on the desktop and in the Finder menu bar, select Go -> Go to Folder....
    go to folder menu bar

  3. In the Go to Folder dialog that appears, type /Library/Mail/Bundles and click Go.
    go to mail folder

  4. Delete the GPGMail.mailbundle file by either dragging it to the trash in your dock or by right-clicking (Ctrl-clicking) it and selecting Move to Trash in the contextual dropdown menu. If you don't see the mailbundle file, return to the previous step but type ~/Library/Mail/Bundles in the Go to Folder dialog (note the tilde (~) character denotes your home folder).
    delete mailbundle gpg

  5. Enter your administrator password if prompted to confirm the action.

After following the above steps, the GPG Tools email plugin will be gone from Apple Mail the next time you launch the client.

Top Rated Comments

CarlJ Avatar
89 months ago
That’s not good. But uninstalling is an overreaction. Wait for a fix.
Agreed. This article seems akin to "Researchers have discovered that seatbelts don't always work - here's how to cut them out of your car" (the dealer will really appreciate that when you take it in for repair). Well, great, when they come up with an updated app, it'll be harder to get it installed. How about just hold off on encrypting things for a bit.
[doublepost=1526316516][/doublepost]
The official advice from security researchers is to disable and/or uninstall the affected software until the vulnerabilities are disclosed and fixes can be issued. In the meantime, users are advised to seek alternative end-to-end encrypted channels ...

This short how-to guides users through the steps necessary to remove the popular open-source encryption plugin GPG Tools (GPGMail) ('https://gpgtools.org') from Apple Mail.
This article seems ill-advised. How about telling people how to temporarily disable the software, rather than rushing through a multi-step process to delete it?
Score: 3 Votes (Like | Disagree)
Westside guy Avatar
89 months ago
Removing it seems like overkill, assuming the fix is indeed “coming very soon”. It’s easy to have it off by default (which is how I use it - it’s uncommon for me to need to send an encrypted email, but occasionally the need is there).

It is also unclear whether my encrypted emails are affected since I use plaintext emails by default.
Score: 1 Votes (Like | Disagree)
Detektiv-Pinky Avatar
89 months ago
I don't think removing PGP is solving any problem.

If, as the researchers claim, any previously send Email is at risk, removing the software now does not magically makes these Emails secure.

At the moment too little is known to fully understand the problem. Most security problems require certain elements to make an attack successful in the wild. From what I have gathered so far, the attack is successful against MIME-encoded Emails. So changing your Email-settings to send them as 'plain-text' may be far more effective than blindly uninstalling PGP.
Score: 1 Votes (Like | Disagree)
Telos101 Avatar
89 months ago
I don't think removing PGP is solving any problem.

If, as the researchers claim, any previously send Email is at risk, removing the software now does not magically makes these Emails secure.
As I understand it, the uninstall advice from EFF seems to be a protective measure for people who expect the encryption to 'just work' in their mail app of choice. At least this way they know their emails aren't secure and can choose a different means of communicating. Signal does seem a good alternative for now.
Score: 1 Votes (Like | Disagree)

Popular Stories

Apple iPhone 16e Feature

Apple Announces iPhone 16e With A18 Chip and Apple Intelligence, Pricing Starts at $599

Wednesday February 19, 2025 8:02 am PST by
Apple today introduced the iPhone 16e, its newest entry-level smartphone. The device succeeds the third-generation iPhone SE, which has now been discontinued. The iPhone 16e features a larger 6.1-inch OLED display, up from a 4.7-inch LCD on the iPhone SE. The display has a notch for Face ID, and this means that Apple no longer sells any iPhones with a Touch ID fingerprint button, marking the ...
iphone 17 pro asherdipps

iPhone 17 Pro Models Rumored to Feature Aluminum Frame Instead of Titanium Frame

Tuesday February 18, 2025 12:02 pm PST by
Over the years, Apple has switched from an aluminum frame to a stainless steel frame to a titanium frame for its highest-end iPhones. And now, it has been rumored that Apple will go back to using aluminum for three out of four iPhone 17 models. In an investor note with research firm GF Securities, obtained by MacRumors this week, Apple supply chain analyst Jeff Pu said the iPhone 17, iPhone...
iPhone 17 Roundup Feature 2

iPhone Design to Change 'Significantly' This Year

Monday February 17, 2025 7:09 am PST by
Apple is set to "significantly change" the iPhone's design language later this year, according to a Weibo leaker. In a new post, the user known "Digital Chat Station" said that the iPhone's design is "starting to change significantly" this year. The "iPhone 17 Air" reportedly features a "horizontal, bar-shaped" design on the rear, likely referring to an elongated camera bump. On the other...
apple launch feb 2025

Tim Cook Teases an 'Apple Launch' Next Wednesday

Thursday February 13, 2025 8:07 am PST by
In a social media post today, Apple CEO Tim Cook teased an upcoming "launch" of some kind scheduled for Wednesday, February 19. "Get ready to meet the newest member of the family," he said, with an #AppleLaunch hashtag. The post includes a short video with an animated Apple logo inside a circle. Cook did not provide an exact time for the launch, or share any other specific details, so...
apple launch feb 2025 alt

Here Are the New Apple Products We're Still Expecting This Spring

Thursday February 20, 2025 5:06 am PST by
Now that Apple has announced its new more affordable iPhone 16e, our thoughts turn to what else we are expecting from the company this spring. There are three product categories that we are definitely expecting to get upgraded before spring has ended. Keep reading to learn what they are. If we're lucky, Apple might make a surprise announcement about a completely new product category. M4...
Generic iOS 18

Here's When Apple Will Release iOS 18.4

Wednesday February 19, 2025 11:38 am PST by
Following the launch of the iPhone 16e, Apple updated its iOS 18, iPadOS 18, and macOS Sequoia pages to give a narrower timeline on when the next updates are set to launch. All three pages now state that new Apple Intelligence features and languages will launch in early April, an update from the more broader April timeframe that Apple provided before. The next major point updates will be iOS ...
iOS 18

iOS 18.4 Coming Next Week With These New Features for Your iPhone

Friday February 14, 2025 6:18 am PST by
The first iOS 18.4 beta for iPhones should be just around the corner, and the update is expected to include many new features and changes. Bloomberg's Mark Gurman expects the iOS 18.4 beta to be released by next week. Below, we outline what to expect from iOS 18.4 so far. Apple Intelligence for Siri Siri is expected to get several enhancements powered by Apple Intelligence on iOS...
Apple 2025 Thumb 1

Two of Apple's Oldest Products Are Finally Getting Updated This Year

Friday February 14, 2025 6:03 am PST by
Apple released the HomePod mini in November 2020, followed by the AirTag in May 2021, and both still remain first-generation products. Fortunately, rumors suggest that both the HomePod mini and the AirTag will finally be updated at some point this year. Below, we recap rumors about the HomePod mini 2 and AirTag 2. HomePod mini 2 In January 2025, Bloomberg's Mark Gurman said Apple is ...