January 22, 2025

Signal Bug: What Signal has to say on the bug that ‘allowed takeover of devices’

[ad_1]

Signal Messenger has refuted reports which claimed that a vulnerability has allowed for a full takeover of devices. The WhatsApp competitor said that it conducted an investigation and found no evidence of such a flaw.
Reports suggested that a new zero-day vulnerability connected to its ‘Generate Link Previews’ feature had the potential to exploit devices completely.
“PSA: we have seen the vague viral reports alleging a Signal 0-day vulnerability. After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels,” it said in a post on X (formerly Twitter).
“We also checked with people across [the] US Government, since the copy-paste report claimed USG as a source. Those we spoke to have no info suggesting this is a valid claim. We take reports to security@signal.org very seriously, and invite those with real info to share it there,” it added.
What is a zero-day vulnerability?
A zero-day vulnerability is a flaw in a system that has been disclosed but is not yet patched by the concerned company. This poses a high risk to users, and if exploited by cybercriminals, can cause millions of dollars in damage.
As per Google’s Project Zero, around 50 such issues have already been discovered in 2023 – more than in the whole year of 2022. Google’s Project Zero tracks new zero-day problems at major software vendors.
Last week, Microsoft released the October 2023 security update which patched three actively exploited zero-day vulnerabilities and 104 flaws. It also fixed 45 remote code execution (RCE) bugs, out of which 12 vulnerabilities were rated as ‘Critical’.
Microsoft was among the list of four companies – others being Google, Amazon and Cloudflare – that mitigated a massive DDoS cyber attack that targeted their services.



[ad_2]

Source link