PT-2017-16595

Georg Lukas · Published 2017-02-09 · Updated 2017-03-01 · CVE-2017-5590

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: ChatSecure versions 3.2.0 through 4.0.0; Zom versions prior to 1.0.11.

Description: The issue stems from an incorrect implementation of XEP-0280 (Message Carbons) in multiple XMPP clients. It allows a remote attacker to impersonate any user, including the victim's contacts, in the vulnerable application's display, enabling various kinds of social engineering attacks.

Recommendations: For ChatSecure versions 3.2.0 through 4.0.0, update to a version outside of this range to resolve the issue. For Zom versions prior to 1.0.11, update to version 1.0.11 or later to fix the problem.

Tags: Exploit · Fix · Origin Validation Error · RCE

Related Identifiers: CVE-2017-5590

Affected Products: ChatSecure, Zom