First published: Tue Jul 13 2021(Updated: )
Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wire Wire | <3.84 | |
Apple iPhone OS | >=13.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-32755 is a vulnerability that affects the wire-ios-transport component used by the Wire collaboration platform.
The severity of CVE-2021-32755 is medium with a CVSS score of 4.3.
CVE-2021-32755 affects the wire-ios-transport component of the Wire iOS application, specifically in its websocket implementation.
The affected software version of CVE-2021-32755 is up to but excluding version 3.84 of the Wire iOS application.
No, Apple iPhone OS is not vulnerable to CVE-2021-32755. The vulnerability only affects the Wire iOS application.
Yes, a fix for CVE-2021-32755 is available in version 3.84 or later of the Wire iOS application.
You can find more information about CVE-2021-32755 in the security advisory on the Wire iOS Transport GitHub repository: [link](https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj-w39v).