CVE-2026-35049
Description
Wire iOS client crashes and enters a loop when receiving a crafted message, requiring reinstallation to fix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Wire iOS client crashes and enters a loop when receiving a crafted message, requiring reinstallation to fix.
Vulnerability
Prior to version 4.16.0, the Wire iOS client would crash upon receiving a crafted Proteus external message with an encrypted payload shorter than 16 bytes. This vulnerability affects all versions of wire-ios before 4.16.0 [1].
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted malicious Proteus external message with an encrypted payload shorter than 16 bytes to a Wire iOS user. The crash occurs automatically upon message reception, requiring no user interaction [1].
Impact
Upon successful exploitation, the Wire iOS client crashes. The malicious message persists within the conversation, causing the application to enter a crash loop upon relaunch. The app cannot be reopened until the local state is wiped, typically through reinstallation [1].
Mitigation
This issue has been fixed in version 4.16.0, which includes a necessary length check and is available on the App Store. No workarounds are known to be available [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.