After researchers disclosed the bug in June 2022, Proton developed and deployed a fix by early July 2022.
Avoid clicking unexpected links in emails, even from seemingly secure providers.
In most scenarios, the attack only worked if the victim viewed both emails and clicked a specific link in the second one.
When possible, use native desktop or mobile apps, which often have different attack surfaces than web-based versions.
The vulnerability was strictly limited to the web interface; non-web Proton Mail apps (iOS/Android) were never affected.
Ensure you are using the latest version of any Proton applications.
This incident serves as a reminder that no system is 100% secure, but active collaboration with the security community, often incentivized by Proton's Bug Bounty Program, is essential for maintaining privacy.
Analysis of spam and virus filter logs showed no evidence of the exploit being used in the wild by malicious actors.