Decades-old PGP bug allowed hackers to spoof just about anyone’s signature

For their entire existence, some of the world’s most widely used email encryption tools have been vulnerable to hacks that allowed attackers to spoof the digital signature of just about any person with a public key, a researcher said Wednesday. GnuPG, Enigmail, GPGTools, and python-gnupg have all been updated to patch the critical vulnerability. Enigmail and the Simple Password Store have also received patches for two related spoofing bugs.

Source: Decades-old PGP bug allowed hackers to spoof just about anyone’s signature

Advertisements