When possible, use native desktop or mobile apps, which often have different attack surfaces than web-based versions.
Proton maintained its commitment to security through its Responsible Vulnerability Disclosure Policy.
Avoid clicking unexpected links in emails, even from seemingly secure providers.
This incident serves as a reminder that no system is 100% secure, but active collaboration with the security community—often incentivized by Proton's Bug Bounty Program—is essential for maintaining privacy. To stay secure, users should:
In most scenarios, the attack only worked if the victim viewed both emails and clicked a specific link in the second one.
If successful, the script would run in the victim's session, allowing the attacker to "see" what the user sees—effectively stealing the decrypted content of their inbox.

Proton's Response and Resolution