An iOS 11 vulnerability reveals your encrypted emails -


Post Top Ad

Post Top Ad

Monday, 14 May 2018

An iOS 11 vulnerability reveals your encrypted emails

Some researchers have discovered a security breach in the encryption of PGP / GPG and S / MIME emails in Apple's native Mail application for iOS and macOS with Mozilla Thunderbird.

This vulnerability would allow hackers to access the text of the encrypted emails on your iPhone, iPad and iPod touch.

It is a vulnerability that affects the iOS security system and does not require any private key for the attacker to discover the text of the emails. The vulnerability has been called "Efail" and is based on how email clients use HTML content.

How the iOS Efail vulnerability works

Some companies use, sometimes, S / MIME and PGP to send encrypted emails. However, it is important to note that vulnerability exists thanks to the way in which these email clients process HTML content .

"EFAIL attacks exploit the vulnerabilities of the OpenPGP and S / MIME standards to reveal the text of encrypted emails. In other words, EFAIL uses the HTML content of emails, images for example, to filter the plain text through the URLs requested. To create these filtering channels, the attacker first needs access to encrypted emails, for example, by intercepting network traffic, compromising email accounts, email servers or backup systems. The emails could even have been collected years ago. "

    There are currently no reliable fixes for the vulnerability. If you use PGP / GPG or S / MIME for very sensitive communication, you should disable it in your email client for now. Also read @EFF 's blog post on this issue: #efail 2/4
    - Sebastian Schinzel (@seecurity) May 14, 2018

The problem can only be solved by a new software update from Apple . Probably the software engineers of the bitten apple company are already working on it . Although they have other pending problems, such as the black circle bug in instant messaging applications such as WhatsApp or iMessage.

Via | Efail 

No comments:

Post a Comment

Post Top Ad