We have been following a story that appeared recently about vulnerabilities in PGP and S/MIME that can cause a leak of the plaintext content of encrypted emails.
A technical description of the vulnerabilities can be found at https://efail.de/
There are a number of possible mitigations for the vulnerabilities, and they vary in how much they might impact your use of encryption. As we have help pages about how to use encryption with email, we felt we should let you know about these particular vulnerabilities.
Here’s the winning question — are either of Runbox’s webmail clients vulnerable to these attacks? Existing and Beta?
Please kindly update your post to reassure us.
The PGP and S/MIME vulnerabilities that have been talked about do not apply to the Runbox webmail as it has no encryption or decryption capabilities built in.
Some customers might be using Mailvelope with our webmail, and they have posted an updated on the Implications of Efail on Mailvelope on their website.