As noted by 9to5Mac, researchers have found flaws in the HTML rendering of Apple Mail on Mac and iOS, as well as Mozilla Thunderbird, that allows attackers to extract decrypted plain text from encrypted mail messages. The primary issue affecting involves a method that uses multipart responses to exploit HTML rendering issues.
If an attacker obtains encrypted email content from someone, it’s possible to send that encrypted text back to the user and reveal the decrypted plaintext form without ever having access to the sender’s private encryption keys.
However, the GPGTools/GPGMail team has posted a temporary workaround against the vulnerability, while MacRumors has compiled a separate guide to removing the popular open source plugin for Apple Mail until a fix for the vulnerability is released.
Like this article? Consider supporting Apple World Today with a $5 monthly Team AWT membership.