A team of security researchers has discovered several vulnerabilities in OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. Affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, Evolution, MailMate, Airmail, K-9 Mail, Roundcube and Mailpile. Researchers tested 25 widely-used email clients for Windows, Linux, macOS, iOS, Android and Web and found that at least 14 of them were vulnerable to multiple types of practical attacks.
Source: https://thehackernews.com/2019/04/email-signature-spoofing.html