The vulnerability was strictly limited to the web interface; non-web Proton Mail apps (iOS/Android) were never affected. Protecting Your Data
In most scenarios, the attack only worked if the victim viewed both emails and clicked a specific link in the second one. Proton Exploit
Proton maintained its commitment to security through its Responsible Vulnerability Disclosure Policy . The vulnerability was strictly limited to the web
An attacker would need to send two carefully crafted emails to the target. Proton Exploit