OpenPGP and S/MIME Mail Client Vulnerabilities (aka Efail)
RISK: High Risk
TYPE: Clients - Email Clients
Multiple vulnerabilities have been identified in OpenPGP and S/MIME mail clients. A remote attacker can exploit these vulnerabilities to trigger sensitive information disclosure on the targeted system.
Impact
- Information Disclosure
System / Technologies affected
Last update date: 2018-05-18
Product | Status | Remarks |
Email Client | ||
Apple Mail, iOS Mail | Affected | Related Information |
Microsoft Outlook, Microsoft Windows 10 Mail, Microsoft Windows Live Mail | Affected | Related Information |
Mozilla Thunderbird | Affected | Related Information |
Google Gmail | Affected | |
IBM Notes | Affected | |
Plug-in | ||
GnuPG | Affected | Related Information |
GPG4Win | Not Affected | Related Information |
GPGTools | Affected | Temporary Mitigation Measures |
Enigmail | Affected | Patches Available |
- For further details, please refer to the following webpage: https://www.kb.cert.org/vuls/id/122919
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
Please note that patches will be provided by each vendor and might apply to some specific versions only.
The security measures below can mitigate the risk of information disclosure.
- Decrypt mail outside of the mail client: use a separate application, outside of your mail client, to decrypt incoming emails.
- Disable HTML rendering: prevent your email client from rendering HTML.
- Disable remote content loading: prevent your email client from loading remote content without permission.
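The following added example (not part of the original advisory) shows the three measures applied together to a message that has already been decrypted outside the mail client: it reads only the plain-text parts and reports, without fetching, every remote reference found in the HTML parts. The names `inspect_message`, `RemoteRefFinder` and `URL_ATTRS`, the attribute list and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Attributes a renderer may fetch automatically (assumed, non-exhaustive list).
URL_ATTRS = {"src", "href", "background", "poster", "data"}

class RemoteRefFinder(HTMLParser):
    """Collect (tag, attribute, url) for references to remote URLs."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # <a href> is only followed on a click, so it is not counted here.
            if tag == "a" or name not in URL_ATTRS or not value:
                continue
            url = value.strip()
            if url.lower().startswith(("http://", "https://", "//")):
                self.refs.append((tag, name, url))

def inspect_message(raw_bytes):
    """Return (plain_text, remote_refs) without rendering or fetching anything."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    plain, refs = [], []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            plain.append(part.get_content())
        elif ctype == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            refs.extend(finder.refs)
    return "\n".join(plain), refs

# Constructed sample message, standing in for mail decrypted outside the client.
SAMPLE = (
    b"Subject: constructed sample\r\n"
    b'Content-Type: multipart/alternative; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n"
    b"Quarterly report attached.\r\n"
    b"--b1\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b'<p>Report.</p><img src="http://tracker.example/p.gif">'
    b'<a href="https://www.example.org/">site</a>\r\n'
    b"--b1--\r\n"
)

if __name__ == "__main__":
    print(inspect_message(SAMPLE))
```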
Vulnerability Identifier
Source
Related Link