DoS vulnerability: Invalid Accent Colors
Description
Invalid accent colors in Wire iOS client cause repeated crashes on launch due to an assert that throws an exception instead of defaulting.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the Wire iOS client (wire-ios) and is triggered when the application processes invalid accent colors received from communication partners. Affected versions are those prior to Wire for iOS 3.100. The root cause is an assert statement in the UIColor.nameColor(for:variant:) method that throws an exception when accentColor.rawValue exceeds ZMAccentColor.max.rawValue, instead of falling back to a default value. The fix removes the assert and uses a safe conversion via AccentColor(ZMAccentColor:) with a default of .strongBlue [1].
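The assert-versus-default difference described above, as an added Swift sketch that is not Wire's code. The types, cases, bound and palette are simplified stand-ins with constructed values; only the names `ZMAccentColor.max`, `AccentColor(ZMAccentColor:)` and `.strongBlue` are taken from the text.

```swift
// Stand-in for the value as received from a peer: any Int16 fits, valid or not.
struct ZMAccentColor {
    let rawValue: Int16
    static let max = ZMAccentColor(rawValue: 4)   // constructed upper bound
}

// Closed set the UI can render; cases and raw values are constructed for this sketch.
enum AccentColor: Int16 {
    case strongBlue = 1, green, yellow, red

    // Failable conversion: nil for any raw value that is not a known case.
    init?(ZMAccentColor color: ZMAccentColor) {
        self.init(rawValue: color.rawValue)
    }
}

// Constructed palette, indexed by raw value (index 0 is unused).
let palette = ["", "#0667C8", "#1D7833", "#A25915", "#C20013"]

// "Before" pattern: a peer-controlled value reaches an assert and an array index.
func nameColorAsserting(for accentColor: ZMAccentColor) -> String {
    assert(accentColor.rawValue <= ZMAccentColor.max.rawValue)
    return palette[Int(accentColor.rawValue)]   // also traps when out of bounds
}

// "After" pattern: convert safely and fall back to .strongBlue.
func nameColorDefaulting(for accentColor: ZMAccentColor) -> String {
    let safe = AccentColor(ZMAccentColor: accentColor) ?? .strongBlue
    return palette[Int(safe.rawValue)]
}

// Constructed inputs: two valid values, then values no case covers.
for raw in [1, 4, 5, 42, 0, -3] as [Int16] {
    let received = ZMAccentColor(rawValue: raw)
    let wouldTrap = raw < 0 || raw > ZMAccentColor.max.rawValue
    print(raw, "asserting variant traps:", wouldTrap,
          "defaulting variant:", nameColorDefaulting(for: received))
}
```

The loop never calls `nameColorAsserting` on the out-of-range inputs, because doing so would terminate the process, which is the failure mode the advisory describes.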
Exploitation
An attacker, who is a Wire user, can send an invalid accent color value to a victim using the Wire iOS client. No special privileges or network position beyond being able to communicate with the victim are required. Upon receiving the invalid accent color, the victim's client will crash on launch when attempting to display the name color for that contact. The crash recurs on every subsequent launch until the invalid accent color is removed or the client is upgraded.
Impact
Successful exploitation results in a denial of service (DoS) condition, rendering the Wire iOS client unusable due to repeated crashes on launch. The victim cannot use the app until they either upgrade to a fixed version or switch to another Wire client. There is no impact on confidentiality or integrity.
Mitigation
The issue is fixed in Wire for iOS 3.100, released on or before 2022-06-23. The fix is also available in the referenced commit [1]. Users should upgrade to version 3.100 or later. No workaround exists; users may temporarily use other Wire clients (such as the web app) to continue using Wire.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0 (no patches discovered yet)
References
- [1] github.com/wireapp/wire-ios/commit/caa0e27dbe51f9edfda8c7a9f017d93b8cfddefb (mitre, x_refsource_MISC)
- [2] github.com/wireapp/wire-ios/security/advisories/GHSA-83m6-p7x5-925j (mitre, x_refsource_CONFIRM)