An app may be able to access sensitive user data.Ī type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. Version 3.119.10 fixes this issue.Ī privacy issue was addressed with improved handling of files. This issue was tested with iOS and the web app, but it is possible all clients are affected. Since the vulnerability affects not only the app, but also the web application, a user in this case has no way to access received emails.
In this case, a user can no longer access received e-mails. By sending a manipulated email, an attacker could put the app into an unusable state.
Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets. The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023.