Apple Blog

A Mail flaw could reveal your encrypted emails

The security of Apple’s operating systems is once again compromised. Security researchers have reported a bug in the Mail application on iOS and macOS that could allow an attacker to extract the contents of our encrypted emails. The two affected protocols are OpenPGP and S/MIME. This bug will probably be fixed in a future security update.

Many companies and individuals choose to use an encryption system to send emails that may contain private information. A security hole puts these emails at risk when they are opened with Mail.


According to AppleInsider, the flaw is made possible by the loading of remote images hosted on an external server. The attacker sends the victim an altered version of the original encrypted email. Once the victim opens it, the mail client decrypts it and, in accessing the external content, sends the unencrypted information to the attacker.

This security flaw is present in Apple’s mail client, on both iOS and macOS, and also in Mozilla Thunderbird. According to the experts, this vulnerability can be easily patched, and we hope that Apple has already taken steps to correct it.

Another method the attacker can use, although it is more complicated, is to modify blocks of text in the email by adding image tags.


If you are one of the users who usually send encrypted messages, the researchers recommend disabling HTML rendering for incoming messages in your mail client. If, on the other hand, your mail client does not decrypt the messages, it is recommended that you open the mail in isolation, avoiding leak channels. It is also recommended to disable the automatic loading of remote content.
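The recommendation above can be turned into a triage check. This is an example added here, not code from the researchers, Apple or Mozilla. It flags messages that carry both an encrypted part and HTML that would fetch remote content, so they can be displayed as plain text. The content-type list, the attribute regex, the `assess` and `sample` helpers and the `example.invalid` test messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed markers of an S/MIME or OpenPGP encrypted part.
ENCRYPTED_TYPES = {
    "application/pkcs7-mime", "application/x-pkcs7-mime",
    "application/pgp-encrypted", "multipart/encrypted",
}
PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"
# HTML attributes whose http(s) URL a renderer may fetch with no user action.
REMOTE_REF = re.compile(
    r"""\b(?:src|background|poster)\s*=\s*["']?\s*(?:https?:)?//""", re.I)


def assess(raw: str) -> dict:
    """Report whether a message mixes encrypted content with remote-loading HTML."""
    encrypted, remote_refs = False, 0
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype in ENCRYPTED_TYPES:
            encrypted = True
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        text = data.decode(part.get_content_charset() or "utf-8", "replace")
        if PGP_ARMOR in text:  # inline OpenPGP block inside a text part
            encrypted = True
        if ctype == "text/html":
            remote_refs += len(REMOTE_REF.findall(text))
    return {"encrypted": encrypted, "remote_refs": remote_refs,
            "render_as_plain_text": encrypted and remote_refs > 0}


def sample(html: str, encrypted: bool) -> str:
    """Build a constructed multipart test message (not a captured email)."""
    parts = ["Content-Type: text/html; charset=utf-8\n\n" + html]
    if encrypted:
        parts.append("Content-Type: application/pkcs7-mime\n\nPLACEHOLDER-CIPHERTEXT")
    body = "".join(f"--b1\n{p}\n" for p in parts) + "--b1--\n"
    return 'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n' + body


if __name__ == "__main__":
    for html, enc in [
        ('<p>Hi</p><img src="https://img.example.invalid/a.png">', True),
        ('<p>Hi</p><img src="cid:logo">', True),
        ('<img src="http://img.example.invalid/a.png">', False),
    ]:
        print(assess(sample(html, enc)))
```

Only the first constructed message is flagged: an embedded `cid:` image triggers no network request, and a remote image in a message with no encrypted part has nothing decrypted to leak.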

All the details of the vulnerability will be released by these security experts tomorrow, and we expect Apple’s engineers to be working on a security update that can patch this bug.
