“Here’s how to protect yourself from the EFAIL vulnerability in Apple Mail on both iOS and macOS,” Bryan M. Wolfe reports for iDownload Blog. “These temporary fixes come after the new vulnerability was discovered that allows hackers to derive decrypted plaintext from encrypted emails. For the attack to work, the third party must be in possession of your encrypted S/MIME or PGP emails.”

“Although Apple’s likely to offer a fix to this vulnerability sooner rather than later, there are things you can do now to make your email more secure,” Wolfe reports. “The Electronic Frontier Foundation (EFF) was the first to discover this vulnerability.”

“The first method involves removing the GPGTools/GPGMail encryption plugin from Apple Mail on macOS,” Wolfe reports. “Keep in mind this vulnerability is most likely to occur in an environment that relies on S/MIME and PGP encrypted email communications to talk in private. The average Apple Mail user is almost certainly not using any of these tools.”

Read more in the full article here.

“A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages,” Danny O’Brien and Gennie Gebhart report for EFF.

“The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific),” O’Brien and Gebhart report. “In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.”

Read more in the full article here.

MacDailyNews Note: Mac users of PGP-encrypted email should immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. iOS users should disable “Load Remote Images” in Mail settings. Read the full articles above for details.