Attention PGP Users: New Vulnerabilities Require You To Take Action Now
Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.
Whoa, that’s a big step. I have no idea what the vulnerability is, but I suspect it must have something to do with the automatic nature of the decryption and probably a buffer overflow or something else that allows arbitrary code execution if you get an encrypted email.