Nighthawk Pockets iOS and ECC Reference Pockets iOS customers ought to improve to the most recent variations as a way to remediate a safety vulnerability. No different wallets are affected by this bug, and remediation steps are outlined beneath.
Vulnerability particulars
In buggy variations of the wallets, when a consumer opted to incorporate their pockets’s deal with in an outgoing memo area utilizing the “Reply-To” characteristic, the pockets would mistakenly embrace the pockets’s secret viewing key reasonably than the pockets’s deal with. In the event you use the Nighthawk Pockets or the ECC Reference Pockets for iOS, you may decide should you had been affected by inspecting every of your pockets’s outgoing transaction memo fields and in search of any “Reply-To” elements that start with “zxview”. A area starting with “zxview” signifies that your pockets’s viewing key was included within the memo reasonably than the pockets’s deal with.
Remediation steps
All customers ought to instantly improve to the most recent model of the pockets software program. In the event you had been affected by the bug, i.e., a number of of your outgoing “Reply-To”’s begins with “zxview”, then the recipients of these memos will be capable to see your pockets’s transaction historical past, together with any memo area contents. As a result of everlasting nature of data saved on the blockchain, it isn’t doable to revoke entry to that data.
To forestall unintentional viewing key recipients from seeing any future transaction particulars, it’s essential to improve your pockets to the most recent software program model, create a brand new pockets, and migrate your funds to the brand new pockets. Please again up your seed phrase previous to making an attempt this to scale back the danger of by accident dropping funds within the course of.
Affected variations
The bug existed within the ECC iOS Reference Pockets 0.3.7-105 codebase from Might 6, 2021 to at the moment. The commit containing the repair is offered right here and in variations of the ECC Reference Pockets 0.5.0-120 or later (for testnet) and 0.4.0-117 or later (for mainnet). The ECC iOS Reference Pockets has a really restricted distribution, nearly fully restricted to ECC staff.
Nighthawk was affected as of model 1.9, which was launched on July 2, 2021. The bug has been fastened as of model of Nighthawk 1.21 which was launched July 11, 2021.
We wish to thank the Nighthawk Pockets builders for locating the bug and performing on it instantly.