HKCert
  

OpenPGP and S/MIME Mail Client Vulnerabilities (aka Efail)

Release Date: 15 / 05 / 2018
Last Update: 18 / 05 / 2018
Criticality Level:  


Multiple vulnerabilities have been identified in OpenPGP and S/MIME mail clients. A remote attacker can exploit these vulnerabilities to trigger sensitive information disclosure on the targeted system.

  • Information Disclosure

Last update date: 2018-05-18

| Product | Status | Remarks |
|---|---|---|
| Email Client | | |
| Apple Mail, iOS Mail | Affected | Related Information |
| Microsoft Outlook, Microsoft Windows 10 Mail, Microsoft Windows Live Mail | Affected | Related Information |
| Mozilla Thunderbird | Affected | Related Information |
| Google Gmail | Affected | |
| IBM Notes | Affected | |
| Plug-in | | |
| GnuPG | Affected | Related Information |
| GPG4Win | Not Affected | Related Information |
| GPGTools | Affected | Temporary Mitigation Measures |
| Enigmail | Affected | Patches Available |

 

Before installing the software, please visit the software manufacturer's website for more details.

Please note that patches are provided by each vendor and might apply to specific versions only.

The following security measures can mitigate the risk of information disclosure:

  1. Decrypt mail outside of mail client
     Use a separate application outside of your mail client to decrypt incoming emails.

  2. Disable HTML rendering
     Prevent your email client from rendering HTML.

  3. Disable Remote Content Loading
     Prevent your email client from loading remote content without permission.
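
A triage check that supports the measures above, as an added example (not code from HKCert or any vendor): it parses a saved raw message with Python's standard `email` module and reports whether OpenPGP or S/MIME content arrives together with HTML parts and remote references, in which case the message should be decrypted outside the mail client. The function name `triage`, the report keys and the sample message are constructed for illustration, and the remote-reference pattern is a heuristic, not an HTML parser.

```python
import re
from email import message_from_string, policy

# MIME types that mark PGP/MIME or S/MIME content (conservative: pkcs7-mime
# is also used for signed-only S/MIME data).
ENCRYPTED_TYPES = {"multipart/encrypted", "application/pgp-encrypted",
                   "application/pkcs7-mime", "application/x-pkcs7-mime"}
ARMOR = "-----BEGIN PGP MESSAGE-----"  # inline OpenPGP block in a text part
# Attributes that usually make an HTML renderer fetch a remote resource.
REMOTE_REF = re.compile(r"""\b(?:src|background)\s*=\s*["']?\s*(?:https?:)?//""", re.I)


def triage(raw: str) -> dict:
    """Summarise the encrypted content, HTML parts and remote references in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    report = {"encrypted": False, "html_parts": 0, "remote_refs": 0}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ENCRYPTED_TYPES:
            report["encrypted"] = True
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue  # only text parts are inspected further
        body = part.get_content()
        if ARMOR in body:
            report["encrypted"] = True
        if ctype == "text/html":
            report["html_parts"] += 1
            report["remote_refs"] += len(REMOTE_REF.findall(body))
    # Encrypted content next to renderable HTML: handle it outside the mail client.
    report["decrypt_outside_client"] = report["encrypted"] and report["html_parts"] > 0
    return report


# Constructed sample message (placeholder body, not real ciphertext).
SAMPLE = (
    "From: alice@example.invalid\nTo: bob@example.invalid\n"
    "Subject: constructed sample\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/html; charset=utf-8\n\n"
    '<p>Hello</p><img src="http://example.invalid/logo.png">\n'
    "--b1\nContent-Type: text/plain; charset=utf-8\n\n"
    "-----BEGIN PGP MESSAGE-----\n(placeholder)\n-----END PGP MESSAGE-----\n"
    "--b1--\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```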