Matrix SDK is vulnerable to message impersonation. An attacker with a malicious homeserver can construct messages appearing to have come from a specific person.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/matrix-org/matrix-ios-sdk | le | v0.23.18 | |
matrixsdk | le | 0.23.18 | |
github.com/matrix-org/matrix-ios-sdk | le | v0.23.18 | |
matrixsdk | le | 0.23.18 |
github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c
github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19
github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-hw6g-j8v6-9hcm
matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients