A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients.
The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail, Roundcube and Mailpile.
When you send a digitally signed email, it offers end-to-end authenticity and integrity of messages, ensuring recipients that the email has actually come from you.
However, researchers tested 25 widely-used email clients for Windows, Linux, macOS, iOS, Android and Web and found that at least 14 of them were vulnerable to multiple types of practical attacks under five below-mentioned categories, making spoofed signatures indistinguishable from a valid one even by an attentive user.
Read more: The Hacker News