Threat Intelligence, Vulnerability Management
Rumored zero-day exploit dismissed by Signal
SecurityWeek reports that encrypted instant messaging platform Signal has shut down reports regarding a zero-day vulnerability impacting its chat app that became viral over the weekend, saying that further investigation has revealed no evidence to support the legitimacy of the rumored flaw.
Such reports of a zero-day in Signal stemmed from a copy-pasted alert purported to be from the U.S. government that warned potential device takeovers from the exploitation of the messaging app's "generate link preview" functionality.
However, Signal noted on X, formerly Twitter, that it was not able to substantiate claims that the warning came from the federal government. Prior to the rumors, several experts had already warned about the risk of the generate link preview function, which could be leveraged to facilitate IP address and link exposures, as well as unwanted data downloads in the background, with the feature already associated with critical flaws in the WhatsApp messaging app.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds