-
Licaon_Kter
PSA: https://nvd.nist.gov/vuln/detail/CVE-2022-40674
-
MattJ
For a moment I thought this would be the WhatsApp CVE 🙂
-
mjk
what's the WhatsApp CVE?
-
Menel
Security alert notices: *WhatsApp: Critical vulnerability allows code smuggling during video calls* Two vulnerabilities in WhatsApp allow attackers to slip malicious code to victims. Updated app versions seal the leaks. https://www.heise.de/news/WhatsApp-Kritische-Sicherheitsluecke-erlaubt-Codeschmuggel-bei-Videoanrufen-7274930.html
-
Martin
Menel: wrong language. 😉
-
MattJ
mjk: https://nvd.nist.gov/vuln/detail/CVE-2022-36934
-
moparisthebest
MattJ: eek is that a vuln in the same webrtc lib that all the XMPP clients use too? :/ https://matrix.org/blog/2022/09/23/pre-disclosure-upcoming-critical-security-release-of-matrix-sd-ks-and-clients has me suspicious
-
moparisthebest
Luckily I don't make calls with malicious actors personally :|
-
MattJ
moparisthebest, that sounds like something related to E2EE, rather than WebRTC, but yeah... I share the suspicion that ultimately this might be a vulnerability in WebRTC or specific usage of it.
-
moparisthebest
Nothing says security or overflow here https://webrtc.googlesource.com/src/+log but there are some "fix math" commits 🤔
-
moparisthebest
Ok the matrix security problems weren't webrtc related at least, but wow https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
-
Licaon_Kter
moparisthebest: did you rebuild all your libexpat-dependent binaries yet? :)