Google has just patched a critical Gmail vulnerability, allowing hackers to send fake emails
Security researcher Allison Husain is the one who discovered a Gmail security vulnerability that Google has just fixed. According to Husain, the cause of the problem lies in the lack of a verification mechanism when configuring email routes.
"Both Gmail and G Suite's strict DMARC / SPF policy can be circumvented by using G Suite mail routing rules to forward and grant authentication to spoofed emails , " says Husain. shall.
Husain discovered the problem in early 2020 and reported it to Google on 3/4/2020. Google took over the issue on April 16, 2020 but later determined that the vulnerability was prioritized only at level 2, severity level 2, and then marked it as a duplicate vulnerability. .
Google delayed patching the vulnerability by 137 days and would only patch it when it went public on the internetWhen Husain informed Google that he would make the vulnerability public on August 17, Google said a patch was under development and expected to roll out on September 17. According to Google regulations, the vulnerability will be patched within 90 days from when it is reported to Google and after this deadline a developer can publicize the vulnerability they discover. In the case of Husain, the Gmail vulnerability has not been patched even though it was reported 137 days ago.
Therefore, Husain decided to publicize the vulnerability on August 19 to promote Google to quickly take measures to protect users. Husain's decisive action forced Google to immediately take corrective measures.
Within 7 hours of Husain published details of the vulnerability, Google has released a patch.
You should read it
- How to backup Gmail data?
- In a few weeks Gmail will change to new clothes, will it get new users?
- 11 great extensions for Gmail on Firefox
- Master the new mobile Gmail application with these 10 useful tips
- Google is about to change the Gmail interface?
- Experience Google 's new Gmail interface quickly
- Instructions for deleting Gmail and Google accounts
- Replace the new 'shirt' for Gmail
- Gmail has just updated an extremely useful new entry: Contacts tab
- Guide to managing jobs with Google Calendar in Gmail
- Google launched a feature that allows sending money via Gmail
- Google uses HTTPS protocol for Gmail
Maybe you are interested
How to Share Your Exact Location with Google Plus Codes
How to change the default font in Google Docs - Use the font of choice
Manifest V3 rollout to remove Google extensions is being pushed
More than 200 apps containing malicious code were discovered and downloaded millions of times on the Google Play Store.
How to Use Google Drive with Android File Manager
Kaspersky antivirus software suddenly disappears from Google Play Store