In Apple Mail the found vulnerability allows you to read encrypted emails
14.05.2018 apleapplekot 0 Comments
Researchers in computer security have discovered a vulnerability in a popular e-mail clients where you can read emails encrypted with PGP and S/MIME. About it writes the edition 9to5Mac.
Mostly emails are sent unencrypted. But some companies and users are using encryption methods PGP and S/MIME for outgoing e-mails. The experts found that the attackers can intercept and read these letters.
The problem only affects mails sent in HTML format using the <img> tag to insert the image. This letter inside is divided into three parts: first write the <img> tag, followed by the encrypted text, and closes the letter is a continuation of the <img> tag. This leads to the fact that the e-mail program decrypts the text, taking it for the image url.
When the user opens the email, the mail program tries to load the image specified by the attacker address. Server fraudster registers a query and stores the decrypted copy of the letter.
The problem primarily affects email clients on computers and smartphones. The human rights organization Electronic Frontier Foundation released a statement which explained how to disable PGP encryption in Apple Mail, Mozilla Thunderbird and Microsoft Outlook. But this is only a temporary measure, as explained by the experts. A full working solution to the problem has not yet been found. Users are also advised to temporarily discontinue the use of PGP in e-mail.
Decryption of messages encrypted using S/MIME is more difficult than PGP. But Apple discovered this error in March and I fixed it in the standard mail client of macOS High Sierra 10.13.4 and iOS 11.3. Probably a problem with the PGP encryption will be fixed in future updates.
Follow the news in our Telegram channel (if you can bypass the lock), as well as in the app on iOS MacDigger.