The warning had caused severe concern among privacy advocates.
PGP is a popular open-source end-to-end encryption standard widely used by political dissidents, reporters and businesses seeking security, while S/MIME (Secure/Multipurpose Internet Mail Extensions) is an asymmetric cryptographic technology that enables users to send encrypted emails with a digital signature.
Digital civil liberties group the EFF said in a rapidly issued EFF advisory said: “These vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”
The civil liberties organisation added: “Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.” It named Enigmail for Thunderbird, GPGTools for Apple Mail and Gpg4win for Outlook and offered instructions to disable them.
With businesses, political dissidents and journalists all relying on PGP to maintain a degree of online privacy, any vulnerability would be critical.
Yet as a row about the research began on Twitter, the full report was leaked early by Germany’s Suddeutsche Zeitung newspaper.