Vendor
TrueConf Client downloads application updates without verifying integrity, allowing a network attacker to substitute a tampered payload, leading to arbitrary code execution.