PT-2022-24849 · Unknown · Matrix iOS SDK
Benjamin Dowling +3
Published 2022-09-28 · Updated 2022-09-30
CVE-2022-39257
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Matrix iOS SDK versions prior to 0.23.19
Description
The issue allows an attacker, in cooperation with a malicious homeserver, to construct messages that appear to come from another person. These messages may be marked with a grey shield on some platforms, but this indicator may be missing on others. The cause is an overly permissive key forwarding strategy in the Matrix iOS SDK. The SDK has been updated to accept forwarded keys only in response to previously issued requests and only from the user's own verified devices. A trusted flag is set on decrypted messages based on whether the key used for decryption came from a trusted source. Clients should ensure that messages decrypted with a key marked trusted = false are appropriately decorated, for example by displaying a warning. The attack requires coordination between a malicious homeserver and an attacker.
Recommendations
For versions prior to 0.23.19, update to version 0.23.19 or later to resolve the issue. As a temporary workaround, consider implementing a strict key forwarding policy and ensuring that messages decrypted with untrusted keys (trusted = false) are decorated with a warning, such as a grey shield or a similar indicator.
Exploit
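The accept-or-reject decision and the trusted flag described above, modelled as an added Python example; this is not code from the Matrix iOS SDK, and the names (SessionId, KeyForwardPolicy, on_forwarded_room_key, the strict switch that stands in for the pre-0.23.19 behaviour) and the rule that a key forwarded by one of the user's own verified devices is marked trusted are assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class SessionId:
    room_id: str
    sender_key: str    # Curve25519 key of the device that created the session
    session_id: str

@dataclass
class KeyForwardPolicy:
    own_user_id: str
    verified_own_devices: set        # device_ids of our own devices we verified
    strict: bool = True              # False models the permissive pre-fix behaviour (assumption)
    outstanding: set = field(default_factory=set)   # sessions we asked other devices for
    sessions: dict = field(default_factory=dict)    # SessionId -> trusted flag

    def request_key(self, sid):
        self.outstanding.add(sid)

    def on_room_key(self, sid):
        # Key delivered directly by the session creator: trusted.
        self.sessions[sid] = True

    def on_forwarded_room_key(self, sid, from_user, from_device):
        own_verified = (from_user == self.own_user_id
                        and from_device in self.verified_own_devices)
        if self.strict:
            if sid not in self.outstanding:
                return "rejected: no outstanding request for this session"
            if not own_verified:
                return "rejected: not from one of our own verified devices"
            self.outstanding.discard(sid)
        # Trust follows the key's provenance, not the homeserver that relayed it.
        self.sessions[sid] = own_verified
        return "accepted"

    def decrypt(self, sid, body):
        # Real Megolm decryption omitted; what matters here is that the
        # trusted flag travels with the plaintext so the UI can act on it.
        if sid not in self.sessions:
            return None
        return {"body": body, "trusted": self.sessions[sid]}

def render(message):
    # Decorate messages decrypted with an untrusted key (the grey shield).
    prefix = "" if message["trusted"] else "[grey shield] "
    return prefix + message["body"]
```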
Fix
Improper Authentication
Related Identifiers
Affected Products
Matrix iOS SDK