Update vulnerable Matrix Clients (CVE-2021-40823CVE-2021-40824) E2EE
Clients affected are:
matrix-android-sdk2 < 1.2.2 (CVE-2021-40824), including:
Element (Android) < 1.2.2
SchildiChat (Android) < 1.2.2.sc43
Please update fast, otherwise E2EE keys can be compromised
Specifically, in certain circumstances it may be possible to trick vulnerable clients into disclosing > encryption keys for messages previously sent by that client to user accounts later compromised by an > attacker.
Exploiting this vulnerability to read encrypted messages requires gaining control over the recipient’s > account. This requires either compromising their credentials directly or compromising their homeserver.
Thus, the greatest risk is to users who are in encrypted rooms containing malicious servers. Admins of > malicious servers could attempt to impersonate their users' devices in order to spy on messages sent > by vulnerable clients in that room.