← volver
CVE-2021-21301

Video feed was captured while user has disabled video

CVSS 2.6 LOWEPSS 0.9%CWE-200
Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Productos afectados
wireapp · wire-ios

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/wireapp/wire-ios/commit/7e3c30120066c9b10e50cc0d20012d0849c33a40https://github.com/wireapp/wire-ios/pull/4879https://github.com/wireapp/wire-ios/security/advisories/GHSA-7fg4-x8vj-qvxf