A security researchers’ squad has lately uncovered several vulnerabilities in the various implementations of the OpenPGP and S/MIME email signature verification that holds the capability to permit the attackers to spoof the
Signature Spoofing Attacks have resulted in over dozen popular Email Clients to vulnerability. Visit www.darkweblink.com. signatures on over a large number of the popular email clients. The affected email clients included Microsoft Outlook, Thunderbird, iOS mail, Apple Mail with GPG tools, GpgOL, Evolution, KMail, K-9 Mail, Airmail, MailMate, Mailpile and Roundcube. Whenever one sends a digitally signed email, it offers end-to end authenticity and integrity of the messages that ensures the authenticity of the sender to the recipient. Nevertheless, the researchers have tested the 25 widely used email clients for the Linux, Windows, Android, Web, macOS and iOS and have found out that at least 14 of them were vulnerable to multiple types of the practical attacks under the five categories:
- CMS Attacks (C1, C2,C3 C4)
- GPG API Attacks (G1, G2)
- ID Attacks (I1, I2, I3)
- MIME Attacks (M1, M2, M3, M4)
- UI Attacks (U1)
The researchers have also noticed that some of the email signature spoofing attacks can also be used to spoof the decryption results and causing the email client to indicate an encrypted message where the fact is that the plaintext was transmitted in the clear. The vulnerabilities in the email clients have been provided with the CVEs such as: CVE-2018-18509, CVE-2018-12019, CVE-2018-12020, CVE-2017-17848, CVE-2018-15586, CVE-2018-15587, CVE-2018-15588, CVE-2019-8338, CVE-2018-12356, CVE-2018-12556, and CVE-2019-728. No matter what, most of the partial and as well as weak forgery attacks can be potentially identified by carefully inspecting the GUI or manually clicking to receive more of the signature details. The researchers have reported all of these vulnerabilities to the affected vendors and the developers as well as the suggested appropriate countermeasures that have now been implemented in the latest versions of most of the affected software.