Out of bounds write in Media in Google Chrome on Mac, iOS prior to 148
Description
Out of bounds write in Media in Google Chrome on Mac, iOS prior to 148
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: RocketChat
PRODUCT: Rocket.Chat
AFFECTED_VERSIONS: Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13
---END_METADATA---
Description Summary:
Rocket.Chat contains an authentication bypass vulnerability in its Apple OAuth flow, allowing attackers to forge JWTs and perform account takeovers.
Executive Summary:
A critical authentication bypass flaw in Rocket.Chat’s Apple OAuth integration allows attackers to forge identity tokens and hijack user accounts.
Vulnerability Details
CVE-ID: CVE-2026-55666
Affected Software: RocketChat Rocket.Chat
Affected Versions: Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13
Vulnerability: The
handleIdentityTokenfunction improperly validates Apple-issued JWTs during the login process. If an email parameter is missing from the token, the system incorrectly falls back to accepting an arbitrary email provided by the request, allowing an unauthenticated attacker to impersonate any user.Business Impact
This vulnerability carries a CVSS score of 9.3, representing a critical risk to organizational communication security. Successful exploitation grants attackers unauthorized access to private corporate communications, potentially leading to massive data breaches, intellectual property theft, and the impersonation of high-level personnel.
Remediation Plan
Immediate Action: Update Rocket.Chat to the latest patched version (8.5.1 or relevant series-specific patch) immediately.
Proactive Monitoring: Review authentication and session logs for spikes in login activity or successful authentications involving unrecognized email patterns.
Compensating Controls: Temporarily disable the Apple OAuth login provider if the update cannot be applied immediately to prevent exploitation.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Jun 24, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Authentication bypass vulnerabilities are high-priority targets for attackers due to the ease of exploitation and the depth of access gained. Organizations must expedite the patching process to secure their communication platform and maintain the confidentiality of internal messaging.