A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients.
The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail, Roundcube and Mailpile.
When you send a digitally signed email, it offers end-to-end authenticity and integrity of messages, ensuring recipients that the email has actually come from you.
However, researchers tested 25 widely-used email clients for Windows, Linux, macOS, iOS, Android and Web and found that at least 14 of them were vulnerable to multiple types of practical attacks under five below-mentioned categories, making spoofed signatures indistinguishable from a valid one even by an attentive user.
The research was conducted by a team of researchers from Ruhr University Bochum and Münster University of Applied Sciences, which includes Jens Müller , Marcus Brinkmann , Damian Poddebniak , Hanno Böck, Sebastian Schinzel , Juraj Somorovsky, and Jörg Schwenk.
More at – thehackernews.com
FairEmail for your Android isn’t affected.
If you know more, let us know.
But I guess most of the affected clients get fixed pretty soon.