CVE-2021-41094

Name of the Vulnerable Software and Affected Versions Wire versions prior to 3.70

Description The issue allows users to bypass the mandatory encryption at rest feature by disabling their device passcode. When the app launches, it attempts to enable encryption at rest by generating encryption keys via the Secure Enclave, but it fails silently if no device passcode is set. The user is not notified that encryption at rest is not active, as this feature is hidden from them.

Recommendations For versions prior to 3.70, update to version 3.70 to resolve the issue. As a temporary workaround, consider enabling the device passcode to ensure encryption at rest is active.