Vulnerabilities in PGP-encrypted email plug-ins

Member from group of European security researchers twitted today that critical vulnerabilities in PGP/GPG and S/MIME email encryption was found. Full details will be published in a paper on Tuesday 15 May 2018 at 07:00 AM UTC.

EFF reported that they already establish connection with the research team running this investigation.

 The only known advise for now is to turn all PGP and S/MIME plug-ins for all popular versions as:

Enigmail for Linux

GP4Win for Windows

GPGtools for Mac

There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.

At the end it is not clear what is worse? Why would disabling PGP help, then it’s even easier to read emails in plain text? If the vulnerability is difficult to exploit it is still better than no encryption at all?

Hope this will be fixed soon!




Leave a Reply