GPGMailSecurity researchers are warning users of PGP/GPG email encryption plugins not to use the software, after critical vulnerabilities were discovered that could potentially be used reveal the plaintext of encrypted emails.

The official advice from security researchers is to disable and/or uninstall the affected software until the vulnerabilities are disclosed and fixes can be issued. In the meantime, users are advised to seek alternative end-to-end encrypted channels such as Signal to send and receive sensitive content.

This short how-to guides users through the steps necessary to remove the popular open-source encryption plugin GPG Tools (GPGMail) from Apple Mail. It requires deleting a "bundle" file used by the app. Users' existing encryption keys are not affected by the procedure and will remain on their hard disk. GPGTools has also since published a temporary workaround that it believes mitigates against similar so-called "Efail" attacks.

How to Uninstall GPG Tools from Apple Mail

  1. Quit Apple Mail if it is running (Mail -> Quit Mail in the menu bar).

  2. Click on the desktop and in the Finder menu bar, select Go -> Go to Folder....
    go to folder menu bar

  3. In the Go to Folder dialog that appears, type /Library/Mail/Bundles and click Go.
    go to mail folder

  4. Delete the GPGMail.mailbundle file by either dragging it to the trash in your dock or by right-clicking (Ctrl-clicking) it and selecting Move to Trash in the contextual dropdown menu. If you don't see the mailbundle file, return to the previous step but type ~/Library/Mail/Bundles in the Go to Folder dialog (note the tilde (~) character denotes your home folder).
    delete mailbundle gpg

  5. Enter your administrator password if prompted to confirm the action.

After following the above steps, the GPG Tools email plugin will be gone from Apple Mail the next time you launch the client.

Related Forums: macOS Sierra, macOS High Sierra

Top Rated Comments

CarlJ Avatar
CarlJ
82 months ago
That’s not good. But uninstalling is an overreaction. Wait for a fix.
Agreed. This article seems akin to "Researchers have discovered that seatbelts don't always work - here's how to cut them out of your car" (the dealer will really appreciate that when you take it in for repair). Well, great, when they come up with an updated app, it'll be harder to get it installed. How about just hold off on encrypting things for a bit.
[doublepost=1526316516][/doublepost]
The official advice from security researchers is to disable and/or uninstall the affected software until the vulnerabilities are disclosed and fixes can be issued. In the meantime, users are advised to seek alternative end-to-end encrypted channels ...

This short how-to guides users through the steps necessary to remove the popular open-source encryption plugin GPG Tools (GPGMail) ('https://gpgtools.org') from Apple Mail.
This article seems ill-advised. How about telling people how to temporarily disable the software, rather than rushing through a multi-step process to delete it?
Score: 2 Votes (Like | Disagree)
Westside guy Avatar
Westside guy
82 months ago
Removing it seems like overkill, assuming the fix is indeed “coming very soon”. It’s easy to have it off by default (which is how I use it - it’s uncommon for me to need to send an encrypted email, but occasionally the need is there).

It is also unclear whether my encrypted emails are affected since I use plaintext emails by default.
Score: 1 Votes (Like | Disagree)
Detektiv-Pinky Avatar
Detektiv-Pinky
82 months ago
I don't think removing PGP is solving any problem.

If, as the researchers claim, any previously send Email is at risk, removing the software now does not magically makes these Emails secure.

At the moment too little is known to fully understand the problem. Most security problems require certain elements to make an attack successful in the wild. From what I have gathered so far, the attack is successful against MIME-encoded Emails. So changing your Email-settings to send them as 'plain-text' may be far more effective than blindly uninstalling PGP.
Score: 1 Votes (Like | Disagree)
Telos101 Avatar
Telos101
82 months ago
I don't think removing PGP is solving any problem.

If, as the researchers claim, any previously send Email is at risk, removing the software now does not magically makes these Emails secure.
As I understand it, the uninstall advice from EFF seems to be a protective measure for people who expect the encryption to 'just work' in their mail app of choice. At least this way they know their emails aren't secure and can choose a different means of communicating. Signal does seem a good alternative for now.
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone 16 Pro Sizes Feature

iPhone 16 Launch Is Just One Month Out – Here's Everything We Know

Saturday August 10, 2024 5:00 am PDT by
Apple typically releases its new iPhone series in the fall, and a possible September 10 announcement date has been floated this year, which means we are just one month away from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design...
Read Full Article240 comments
macbook pro bb cyber

Apple's M3 MacBook Pro Gets Up to $1,000 Off In Major New Sales, Starting at $1,299 [Updated]

Sunday August 11, 2024 1:54 pm PDT by
Apple's M3 MacBook Pro is seeing multiple high value discounts on Best Buy and Amazon today, with up to $1,000 off select models. This includes a new all-time low price on the entry-level M3 512GB 14-inch MacBook Pro at $1,299.00, down from $1,599.00, and a massive $1,000 discount on the high-end 16-inch model exclusively for Best Buy members. Note: MacRumors is an affiliate partner with Best...
Read Full Article78 comments
iPhone 16 Pro Right Side Feature

The iPhone 16 is Getting a New Button: Here's What It Can Do

Tuesday August 13, 2024 4:01 pm PDT by
Multiple rumors have suggested that the iPhone 16 models are going to have an all-new button that's designed to make it easier to capture photos when the devices are held in landscape mode. Apple calls the button the Capture Button internally, and it is going to be one of the most advanced buttons that's been introduced to date with support for multiple gestures and the ability to respond to ...
Read Full Article173 comments
iOS 18 on iPhone Feature

Everything New in iOS 18.1 Beta 2 and iOS 18 Beta 6

Monday August 12, 2024 2:32 pm PDT by
Apple is beta testing iOS 18 and the first update to iOS 18 concurrently, and we got the second betas of iOS 18.1, iPadOS 18.1, and macOS Sequoia 15.1 today alongside the sixth betas of iOS 18, iPadOS 18, and macOS Sequoia 15. Many of the changes in iOS 18.1 are focused on bringing the .1 betas in line with the standard betas, which recently received updates to Photos and Safari, while...
Read Full Article77 comments
Beyond iPhone 13 Better Blue Face ID Single Camera Hole

10 Reasons to Wait for Next Year's iPhone 17

Thursday August 8, 2024 4:40 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we sometimes get rumored feature leaks so far ahead of launch. The iPhone 17 series is no different – already we have some idea of what to expect from Apple's 2025 smartphone lineup. If you plan to skip...
Read Full Article164 comments
iPhone 17 Slim Feature Single Camera 2

Next Year's Slim iPhone 17 Could Be an 'iPhone Air'

Monday August 12, 2024 8:43 am PDT by
Apple's rumored iPhone 17 "Slim" could be positioned as an iPhone "Air" to boost sales, according to Bloomberg's Mark Gurman. In the latest edition of his "Power On" newsletter, Gurman explained how the "fourth" model in the iPhone lineup since 2020 (the iPhone 12 mini, iPhone 13 mini, iPhone 14 Plus, and iPhone 15 Plus) has largely been a commercial failure. In the case of the Plus model,...
Read Full Article154 comments