Matthew Green

**Name of the Vulnerable Software and Affected Versions** TeleMessage versions prior to 2025-05-05 **Description** The TeleMessage archiving backend holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation. This issue has been exploited in the wild in May 2025. The vulnerability allows unauthorized access to private messages and group chats that were intended to be secure, raising concerns about data security for individuals and government officials who use the application. It is estimated that a significant number of devices may be affected, including those used by high-ranking government officials and federal agencies. **Recommendations** As a temporary workaround, consider disabling the use of the TeleMessage archiving backend until a patch is available. Restrict access to the TeleMessage application to minimize the risk of exploitation. Avoid using the TeleMessage application for sensitive communications until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TeleMessage archiving backend versions through 2025-05-05 **Description** The issue concerns the acceptance of API calls from the TM SGNL (aka Archive Signal) app to request an authentication token, using hardcoded credentials. The credentials used are `logfile` for the user and `enRR8UVVywXYbFkqU#QDPRkO` for the password. **Recommendations** For versions through 2025-05-05, consider disabling the API endpoint that accepts authentication token requests from the TM SGNL app until a patch is available. Restrict access to the affected API endpoint to minimize the risk of exploitation. Avoid using the hardcoded credentials `logfile` and `enRR8UVVywXYbFkqU#QDPRkO` in the affected API calls until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13 **Description** The issue involves the `Captive Network Assistant` component, which has a UI error. This error can lead to cleartext transmission of passwords without the user's awareness when using the captive portal browser. Remote attackers can discover cleartext passwords by sniffing the network during use of the captive portal browser in opportunistic circumstances. **Recommendations** For macOS versions prior to 10.13, update to version 10.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3 Apple OS X versions prior to 10.11.4 Apple watchOS versions prior to 2.2 **Description** The issue is related to the incorrect operation of a cryptographic protection mechanism in the operating systems. This could allow a remote attacker to influence the confidentiality of protected information. The problem arises from the improper implementation of a cryptographic protection mechanism, which enables remote attackers to read message attachments through vectors related to duplicate messages. **Recommendations** For Apple iOS versions prior to 9.3, update to version 9.3 or later to resolve the issue. For Apple OS X versions prior to 10.11.4, update to version 10.11.4 or later to resolve the issue. For Apple watchOS versions prior to 2.2, update to version 2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3 **Description** The issue exists due to insufficient input validation in the Messages component of the iOS operating system. It can be exploited by a remote attacker using a specially crafted SMS message with a URL to obtain confidential information. **Recommendations** For versions prior to 9.3, update to version 9.3 or later to resolve the issue.