CVE-2022-39255 Matrix iOS SDK allows developers to build iOS apps compatible with Matrix
and to ensure that this vulnerability is not exploited. As a best practice, all Matrix developers should upgrade to matrix_ios_sdk v0.23.19 or later as soon as possible. The new version is available on GitHub. Details of the security issue are available in the Matrix blog. We recommend all users review the blog entry and upgrade to the latest version of the Matrix iOS SDK as soon as possible.
Vulnerability summary
A vulnerability in the Matrix iOS SDK has been discovered. This vulnerability is remotely exploitable and can be used to access user data or to bypass restrictions. All users should upgrade to matrix_ios_sdk v0.23.19 or later as soon as possible.
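To check whether an app build still resolves a release older than v0.23.19, the following added example (not code from the Matrix project or from this page's author) audits the text of a CocoaPods Podfile.lock. It assumes the SDK is listed under the pod name "MatrixSDK" and uses a constructed sample lockfile; the function names are illustrative.

```python
import re

FIXED = (0, 23, 19)  # first fixed release named in this advisory

# Assumption: the SDK resolves in Podfile.lock under the pod name "MatrixSDK"
# (with optional subspecs such as "MatrixSDK/Core").
POD_ENTRY = re.compile(r'^  - "?(MatrixSDK(?:/[\w+-]+)?) \((\d+(?:\.\d+)*)[^)]*\)"?:?\s*$')
SECTION = re.compile(r'^[A-Z][A-Z ]*:')


def parse_version(text):
    """Turn '0.9.5' into (0, 9, 5) so 0.9.x sorts below 0.23.x."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit_lockfile(lock_text):
    """Map each resolved MatrixSDK pod to (version, needs_upgrade)."""
    findings, in_pods = {}, False
    for line in lock_text.splitlines():
        if SECTION.match(line):  # top-level header: PODS:, DEPENDENCIES:, ...
            in_pods = line.startswith("PODS:")
            continue
        # Only resolved entries in PODS count, not dependency constraints.
        match = POD_ENTRY.match(line) if in_pods else None
        if match:
            name, version = match.groups()
            findings[name] = (version, parse_version(version) < FIXED)
    return findings


# Constructed sample; "ExamplePod" is a made-up dependency.
SAMPLE_LOCK = """\
PODS:
  - ExamplePod (4.0.1)
  - MatrixSDK (0.23.18):
    - MatrixSDK/Core (= 0.23.18)
  - MatrixSDK/Core (0.23.18):
    - ExamplePod (~> 4.0)

DEPENDENCIES:
  - MatrixSDK (= 0.23.18)

COCOAPODS: 1.11.3
"""

if __name__ == "__main__":
    for pod, (version, needs_upgrade) in audit_lockfile(SAMPLE_LOCK).items():
        print(f"{pod} {version}: {'UPGRADE to >= 0.23.19' if needs_upgrade else 'ok'}")
```

Versions are compared as integer tuples because a plain string comparison would rank 0.9.x above 0.23.19 and miss old pins.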
About Matrix
Matrix is a decentralized open source messaging and social networking application. In contrast to Facebook or Twitter, Matrix does not give any entity the ability to control the platform, making it more free and secure than other social networks. You can download the app for free on either iOS or Android platforms.
What is Matrix?
Matrix is an open-source, free, real-time communication platform that supports messaging, voice and video calls. It allows users to communicate with one another in a secure manner, as it uses end-to-end encryption to ensure privacy. Matrix also relies on a peer-to-peer architecture that enables instant communications without the need for infrastructure.
Matrix is used by thousands of organizations and individuals worldwide to enable communication across all devices, including desktops (macOS, Windows), laptops (Windows), tablets (iOS and Android) and mobile phones (iOS and Android).
Timeline
Published on: 09/28/2022 21:15:00 UTC
Last modified on: 09/30/2022 16:00:00 UTC
References
- https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
- https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-hw6g-j8v6-9hcm
- https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19
- https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39255