Impact
What kind of vulnerability is it? Who is impacted?
currently the way end to end encryption is made is vulnerable to attack.
because the private key is send into each devices who download the app.
from the private key you can derivate the public key.
and create a new bundle who will be valid to install.
so a MIM attack or hacking capgo could lead to install a update not made by the original app maker.
Patches
Has the problem been patched? What versions should users upgrade to?
Not for now
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Finding a pair key system where the public key cannot be derivated would fix it
References
Are there any links users can visit to find out more?
Impact
What kind of vulnerability is it? Who is impacted?
currently the way end to end encryption is made is vulnerable to attack.
because the private key is send into each devices who download the app.
from the private key you can derivate the public key.
and create a new bundle who will be valid to install.
so a MIM attack or hacking capgo could lead to install a update not made by the original app maker.
Patches
Has the problem been patched? What versions should users upgrade to?
Not for now
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Finding a pair key system where the public key cannot be derivated would fix it
References
Are there any links users can visit to find out more?