Google fixes major Gmail bug seven hours after exploit details go public

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,112
Google has patched on Wednesday a major security bug impacting the Gmail and G Suite email servers.
The bug could have allowed a threat actor to send spoofed emails mimicking any Gmail or G Suite customer.

According to security researcher Allison Husain, who found and reported this issue to Google in April, the bug also allowed attachers to pass the spoofed emails as compliant with SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance), two of the most advanced email security standards.

However, despite having 137 days to fix the reported issue, Google initially delayed patches past the disclosure deadline, planning to fix the bug somewhere in September.
Google engineers changed their mind yesterday after Husain published details about the bug on her blog, including proof-of-concept exploit code. [...]
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
I thought something was "off" when this obvious (to me) phishing email made it to my Inbox. This would have been zapped by the spam filter otherwise. Whether it's related to the above vulnerabilities is anyone's guess but the timing is right.

Taking advantage of the COVID stay-at-home situation, no doubt. :mad:

phishing email.PNG
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top