Vulnerability in the application of PGP
Researchers from Munster University of Applied Sciences have reported vulnerabilities in the application of a well known and widely used encryption software called Pretty Good Privacy (PGP). In particular, the vulnerabilities, dubbed EFail, were discovered in the end-to-end encryption technologies: OpenPGP and S/MIME. A piece of HTML code can be used to cheat some of the most widely used email clients – including Apple Mail, Outlook 2007 and Thunderbird – to leak the original text of encrypted emails. The Electronic Frontier Foundation (EFF), which promotes the use of secure open standards, confirmed the vulnerabilities and advised users to, due to the range of email clients affected, pause in the use of the PGP in these clients and rather, turn to encrypted messengers for the time being, until there is more information from the security community on the level of the threat. In their statement, the authors of ‘GnuPG’, the popular implementation of PGP, underlined that the PGP itself is not vulnerable, only the email clients that use it, and reminded of the existing instructions how to safely apply PGP