GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature

A security researcher has discovered a critical vulnerability in some of the world's most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for encrypting and digitally signing messages. The disclosure comes almost a month after researchers revealed a series of flaws, dubbed eFail, in PGP and S/Mime encryption tools that could allow attackers to

from The Hacker News https://ift.tt/2JLW1CN