Emails may not be safe due to encryption flaw

Two email encryption tools may expose info to attackers. Read on for more info.

Threat: Email encryption tools OpenPGP and S/MIME have a critical vulnerability. S/MIME is often used in corporate settings.

Damage risk: Attackers can extract plaintext content from sent or received encrypted messages, even those from the past.

Exploited flaw: The flaw, which has been named EFAIL, is in how email clients implement S/MIME and OpenPGP tools. The vulnerability allows an attacker to access active content in HTML emails, like externally loaded images, to download the plaintext.

Fixes/Workarounds: Users should disable the email encryption plugins to stop bad actors from recovering past encrypted messages. Also consider sending text emails with no HTML for now.


Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy