If you are asked for the admin password, enter it to confirm the action.
The researchers also noted that an attacker needs full access to the target's email account, ie: the spy has to be able to log into your inbox.
The vulnerabilities in PGP and S/MIME standards pose an immediate risk to e-mail communication, including the potential exposure of the contents of past messages, said the Electronic Frontier Foundation (EFF), a U.S. digital rights group. Instead, the flaw is in various email programs that failed to check for "decryption errors properly before following links in emails that included HTML code". To help users, the organization has even posted guides on how to disable PGP in Thunderbird, Outlook and Apple Mail. Encrypting messages is still safer than not encrypting them-EFAIL basically just lets attackers read messages they've already compromised in some other way-but it's still not enough to truly protect the contents of those emails. Created by computer scientist Phil Zimmerman in 1991, Symantec bought PGP in 2010 and is still the program's official developer. "There is a real attack that can be exploited by people that allows them to decrypt a lot of encrypted email".
PGP works using an algorithm to generate a "hash", or mathematical summary, of a user's name and other information.
Electronic Frontier Foundation (EFF) has said it has confirmed a set of vulnerabilities that have the potential to reveal the contents of email previously thought to be encrypted with PGP.More news: New fissures open at Hawaii volcano, forcing more evacuations
More news: NCAA softball: UF receives No. 2 national seed, to host regionals
More news: USNORTHCOM: Russian Bombers Intercepted By US F-22 Fighters Near Alaska
A group of nine researchers has discovered a critical vulnerability in the systems end-to-end email encryption using OpenPGP and S/MIME.
Of course, if you recognise the need to secure encrypt your communications you probably also understand that resorting to sending and receiving unencrypted email is far from an acceptable solution.
Some have been arguing that EFAIL isn't a problem for OpenPGP as long as the implementations are done correctly (in addition to the aforementioned authenticated encryption, this includes not using HTML emails, which thwarts the problem).
BestVPN advice: Uninstall PGP immediately (at least for now)!
"The EFAIL attacks abuse active content, mostly in the form of HTML images, styles, etc", the researchers - Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk - wrote.