❌

Normal view

There are new articles available, click to refresh the page.
Today β€” 18 April 2024Shielder

Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers

18 April 2024 at 08:00
TL;DR During a security audit of Element Android, the official Matrix client for Android, we have identified two vulnerabilities in how specially forged intents generated from other apps are handled by the application. As an impact, a malicious application would be able to significatively break the security of the application, with possible impacts ranging from exfiltrating sensitive files via arbitrary chats to fully taking over victims’ accounts. After private disclosure of the details, the vulnerabilities have been promptly accepted and fixed by the Element Android team.
❌
❌