Google has patched a major security flaw affecting email servers of Gmail and G Suite.
The error could allow an attacker to send fake messages that mimic any Gmail or G Suite client.
According to security researcher Allison Husain, who found and reported the problem to Google in April, the bug also allowed attackers to deliver spoofed email messages compliant with SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance ), two of the most advanced email security standards.
However, despite the fact that Google had 137 days to fix the problem, it delayed the updates, planning to fix the error sometime in September.
Google engineers changed their minds yesterday when Husain published details for the error in her blog, along with a PoC.
Seven hours after the announcement, Google told Husain that it had developed a patch to block any attacks that take advantage of the issue, but work will be completed with final updates in September.
Google's patch has already been applied to the server, which means that the users Gmail and G Suite users don't need to do anything.