Google has fixed a major security issue affecting Gmail and G Suite mail servers.
The error could allow an attacker to send fake messages that mimic any Gmail or G Suite client.
According to security researcher Allison Husain, who found and reported the problem to Google in April, the error also allowed attackers to forge emails under the Sender Policy Framework (SPF) and Domain-based Message Authentication (DMARC). , Reporting, and Conformance), two of the most advanced email security standards.
However, despite the fact that Google had 137 days to fix the problem, it delayed the updates, planning to fix the error sometime in September.
Google engineers changed their minds yesterday when Husain published details for the error in her blog, along with a PoC.
Seven hours after the announcement, Google told Husain that it had developed a patch to block any attacks that take advantage of the issue, but work will be completed with final updates in September.
The Google patch has already been applied to the server, which means that Gmail and G Suite users need to do nothing.