2 matches found
CVE-2022-41904
Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly with warning shields. Therefore a malicious homeserver could inject messages into the...
CVE-2022-41904
Element iOS (MatrixSDK-based) was vulnerable before version 1.9.7: Megolm-encrypted events from untrusted sessions could be injected without warning, even if all group members were verified. The issue is fixed in Element iOS 1.9.7; no public workarounds are known. Upgrade to 1.9.7+ to remediate.