Emails may not be safe due to encryption flaw

Two email encryption tools may expose info to attackers. Read on for more info.

Threat: Email encryption tools OpenPGP and S/MIME have a critical vulnerability. S/MIME is often used in corporate settings.

Damage risk: Attackers can extract plaintext content from sent or received encrypted messages, even those from the past.

Exploited flaw: The flaw, which has been named EFAIL, is in how email clients implement S/MIME and OpenPGP tools. The vulnerability allows an attacker to abuse active content in HTML emails, such as externally loaded images, to retrieve the plaintext.

Fixes/Workarounds: Users should disable the email encryption plugins to stop bad actors from recovering past encrypted messages. Also consider sending text emails with no HTML for now.
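To check whether a message carries the kind of active content described above, the following added example (not part of the original alert or of efail.de) parses a raw email and lists the remote resources its HTML parts would load when rendered. The function names, the tag list and the sample message are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Tags and attributes that make a client fetch a resource on render (assumed list).
AUTO_LOAD = {
    "img": ("src",), "link": ("href",), "script": ("src",), "iframe": ("src",),
    "object": ("data",), "embed": ("src",), "audio": ("src",),
    "video": ("src", "poster"), "input": ("src",), "body": ("background",),
}

class RemoteRefFinder(HTMLParser):
    """Collects (tag, url) pairs for attributes pointing at remote hosts."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in AUTO_LOAD.get(tag, ()):
                url = value.strip()
                # cid: and data: references stay local; only remote fetches count.
                if url.lower().startswith(("http://", "https://", "//")):
                    self.refs.append((tag, url))

def remote_refs(raw_message: bytes):
    """Return remote references found in cleartext text/html parts.
    Encrypted parts are opaque here and are not inspected."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            finder.close()
            found.extend(finder.refs)
    return found

# Constructed sample message: one plain part, one HTML part.
SAMPLE = (
    b"From: a@example.com\r\nTo: b@example.com\r\nSubject: constructed sample\r\n"
    b'MIME-Version: 1.0\r\nContent-Type: multipart/alternative; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nhello\r\n"
    b"--b1\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b'<p>hello <a href="https://example.com/">link</a></p>\r\n'
    b'<img src="cid:logo"><img src="https://img.example/p.png">\r\n--b1--\r\n'
)

if __name__ == "__main__":
    for tag, url in remote_refs(SAMPLE):
        print(f"remote load via <{tag}>: {url}")
```

An empty result means the message's cleartext HTML parts load nothing remotely; a plain-text message always returns an empty list.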

Info: efail.de