Morning Dough
To: Dough Readers


Google Fixes Major Gmail Bug Seven Hours After Exploit Details Go Public

Google has patched on Wednesday a major security bug impacting the Gmail and G Suite email servers.

The bug could have allowed a threat actor to send spoofed emails mimicking any Gmail or G Suite customer.

According to security researcher Allison Husain, who found and reported this issue to Google in April, the bug also allowed attackers to pass the spoofed emails as compliant with SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance), two of the most advanced email security standards.

Google Delayed Patches, Despite A Four Months Heads-Up

However, despite having 137 days to fix the reported issue, Google initially delayed patches past the disclosure deadline, planning to fix the bug somewhere in September.

Read more here.