Signal is considered one of the best and most secure messaging applications. However, in the space of one week, two serious security vulnerabilities have been detected. So they have seriously damaged the secure image that the application had until now. What vulnerabilities have been detected?
Two serious vulnerabilities detected in Signal in one week
The first error detected allowed remote attackers to execute malicious code in the application, particularly in the recipient system. While the other allowed attackers to obtain conversations in plain text format.
Signal Vulnerabilities
The first bug, which we have already told you briefly, allowed the attackers to send a message without the need for user interaction. This alone could execute malicious code in the application. A serious failure, but one that Signal solved quickly. Because they’ve already offered several updates to mitigate the vulnerability.
Even though everything seemed to be going well, a new failure arises. In this case, the attacker can remotely inject malicious code into the desktop version. This vulnerability affects the message validation function. What you need to do is send a malicious HTML/JavaScript code as a message and then quote or reply to that message. That’s it, no interaction needed.
These are two serious problems that show that Signal can also be vulnerable. Something that damages the image of the application. Fortunately, the company has already released an update that fixes these bugs. So in principle, it seems that the situation has been resolved satisfactorily.