Following the rumors about a zero-day flaw in the Signal app, the developers have debunked the reports. As explained, they found no traces of any zero-day vulnerability in the app, asking for evidence (if any) in this regard.
Signal Confirms No Truth In Zero-Day Rumors
Recently, rumors about a serious zero-day vulnerability in the Signal app stirred up the news world, worrying the users. While no specific details surfaced online, it allegedly affected the Signal app’s link preview feature, as the users posted about it on various platforms.
It appeared that the vulnerability in the generated link previews could allow an adversary to take complete control of the target device during link preview generation.
Regarding preventing the issue, the users posting about the flaw advised Signal users to disable link preview generation.
Apparently, the rumored issue seemed viable, as such vulnerabilities have been reported in the past, too. However, as the security community clarified, while asking for genuine reports and evidence regarding the rumored vulnerability, Signal link previews work differently from most other apps.
Specifically, Signal generates link previews on the recipient user’s device instead of server-side, which reduces the probability of the spread of malicious content. And if any vulnerabilities affect the link preview feature, disabling previews won’t really help to prevent the exploit.
As the reports gained traction, Signal finally issued an official statement debunking the rumors. According to its post on X (formerly Twitter), Signal confirmed detecting no such vulnerabilities in the app. Nor did it receive any bug reports from the researchers.
We also checked with people across US Government, since the copy-paste report claimed USG as a source. Those we spoke to have no info suggesting this is a valid claim.
We take reports to [email protected] very seriously, and invite those with real info to share it there. 2/
— Signal (@signalapp) October 16, 2023
This official statement finally stopped the rumor mill, and some users who initially posted about the matter also posted clarifications to prevent misinformation.
Apparently the information I had been given earlier was false. Please disregard my tweet from yesterday about Signal having a link preview vulnerability.
I spend my life fighting disinformation online, so I always regret when I accidentally spread it. My apologies. https://t.co/zUGlMClfWZ
— Kevin Gaughen ???????? (@gaughen) October 16, 2023
Hence, now, Signal users may breathe a sigh of relief as their preferred messaging app remains safe. Nonetheless, what remains crucial is keeping the respective devices up-to-date with the latest Signal releases to receive all bug fixes and security patches in time.
Let us know your thoughts in the comments.