Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319


Google finally forced to patch serious Gmail bug after exploit published online

Image Description

Google has been forced to remedy a serious security vulnerability present in Gmail and G Suite email servers after an exploit was published online.

The vulnerability could have allowed an attacker to send imitation emails posing as any Gmail or G Suite customer, opening the door to an array of spear phishing and spam-based attacks - which could also be used to smuggle malware onto the target system.

Google had known about the flaw for 137 days prior to issuing the fix, but dragged its feet until security researcher Allison Husain published proof-of-concept exploit code to her blog.

Gmail security vulnerability

The now-patched Gmail exploit abused two separate issues which, when combined, could have given hackers the keys to the metaphorical kingdom.

The first bug allowed attackers to send fraudulent emails to an email gateway on the Gmail and G Suite backend, then run a server to wave the email through.

The second flaw created an opportunity to tweak email routing settings, allowing hackers to forward emails under the guise of any Gmail or G Suite user.

According to Husain, this second bug also meant malicious actors could bypass two highly restrictive email security standards: Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC).

“Due to missing verification when configuring mail routes, both Gmail’s and any G Suite customer’s strict DMARC/SPF policy may be subverted by using G Suite’s mail routing rules to relay and grant authenticity to fraudulent messages,” explained Husain.

The security researcher claims to have disclosed the issue on April 1 and notified Google of her intent to publish the exploit on August 1. Once the blog went live on August 19, only seven hours elapsed before Google delivered the fix.

The patch was administered on the backend, which means no action is needed on the part of Gmail users or G Suite customers in order to protect against attack.


21 Aug 2020



Other Blog

  • TikTok could become one of the largest Microsoft Azure customers

    With the September 15 deadline looming, the bidding war for TikTok is heating up especially now that Walmart has joined forces with Microsoft.

    Read More
  • US ecommerce could be a trillion-dollar market by 2022

    Adobe's 2020 Digital Economy Index suggests that the increase in online shopping during the pandemic could be here to stay.

    Read More
  • Windows laptops see major market share drop for the first time

    Despite remaining the dominant choice in the notebook market, Windows’ market share has fallen below 80% for the first time.

    Read More
  • VMware issues emergency patch for critical security flaws

    VMware has patched almost 20 vulnerabilities in its flagship products, one of which can be exploited remotely.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us