In Apple Mail, there is no protecting PGP-encrypted messages. Even with disabling remote content, GPGTools is vulnerable to EFAIL, and the only mitigation for now is to switch to Thunderbird/Enigmail, and disable viewing HTML emails
Here's a proof-of-concept exploit that I developed (Hanno Böck deserves much of the credit too) that demonstrates the attack:
@micahflee Thank you for your continuing work on this. Clear videos that show just how easy the social engineering really put things in the right context, IMO.
Hopefully "next time" we have a drama like this you'll be able to recommend Mailpile as an alternative as well. Hopefully! 😁
@HerraBRE It's been a long time since I last tried Mailpile, I should try it out again
@micahflee Wait another month or so, and we should have a Mailpile.app ready for Mac users to test.
@micahflee Excellent write-up, thank you! :)
Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!