Member from group of European security researchers twitted today that critical vulnerabilities in PGP/GPG and S/MIME email encryption was found. Full details will be published in a paper on Tuesday 15 May 2018 at 07:00 AM UTC.
EFF reported that they already establish connection with the research team running this investigation.
We’ll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4
— Sebastian Schinzel (@seecurity) May 14, 2018
The only known advise for now is to turn all PGP and S/MIME plug-ins for all popular versions as:
Enigmail for Linux
GP4Win for Windows
GPGtools for Mac
There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.
At the end it is not clear what is worse? Why would disabling PGP help, then it’s even easier to read emails in plain text? If the vulnerability is difficult to exploit it is still better than no encryption at all?
Hope this will be fixed soon!