PGP and S/MIME are popular end-to-end encryption standards used to encrypt emails in a way that no one, not even the company, government, or cyber criminals, can spy on your communication.
Before explaining how the vulnerability works, it should be noted that the flaw doesn’t reside in the email encryption standards itself; instead, it affects a few email clients/plugins that incorrectly implemented the technologies.
Dubbed eFail by the researchers, the vulnerabilities, as described in our previous early-warning article, could allow potential attackers to decrypt the content of your end-to-end encrypted emails in plaintext, even for messages sent in the past.
According to the paper released by a team of European security researchers, the vulnerabilities exist in the way encrypted email clients handle HTML emails and external resources, like loading of images, styles from external URLs.
Here’s How the eFail Attack Works: