Archived Post

Security flaws discovered in Apple’s Mail app for macOS, iOS

As noted by 9to5Mac, researchers have found flaws in the HTML rendering of Apple Mail on Mac and iOS, as well as Mozilla Thunderbird, that allows attackers to extract decrypted plain text from encrypted mail messages. The primary issue affecting involves a method that uses multipart responses to exploit HTML rendering issues.

If an attacker obtains encrypted email content from someone, it’s possible to send that encrypted text back to the user and reveal the decrypted plaintext form without ever having access to the sender’s private encryption keys.

However, the GPGTools/GPGMail team has posted a temporary workaround against the vulnerability, while MacRumors has compiled a separate guide to removing the popular open source plugin for Apple Mail until a fix for the vulnerability is released.

Like this article? Consider supporting Apple World Today with a $5 monthly Team AWT membership. 


Dennis Sellers
the authorDennis Sellers
Dennis Sellers is the editor/publisher of Apple World Today. He’s been an “Apple journalist” since 1995 (starting with the first big Apple news site, MacCentral). He loves to read, run, play sports, and watch movies.