However, the vulnerability was immediately patched by Signal.įor the second time in less than a week, the same team of security researchers discovered another severe vulnerability in Signal messaging app. And it is platform independent" – stated the blog post. Anyone can initiate a conversation in Signal, so the attacker just needs to send a specially crafted URL to pwn the victim without further action. "The critical thing here was that it didn't require any interaction with the victim, other than simply being in the conversation. XSS or commonly known as cross-site scripting attack is a popular attack vector that allows attackers to inject malicious code into a vulnerable web application. When one of them shared a link to a vulnerable site with an XSS payload in its URL, it unexpectedly got executed on the Signal desktop app. The vulnerability was discovered accidentally when Iván Ariel Barrera Oro, Alfredo Ortega, and Juliano Rizzo were chatting on Signal messenger app. A team of white hat hackers has revealed a code injection vulnerability that could have been exploited by remote attackers to inject a malicious payload inside the signal desktop app running on the recipients' system just by sending them a specially crafted link- without requiring any user interaction. Vulnerabilities in Signal messaging app are getting exposed back to back. Signal is one of the most trusted end-to-end encrypted messaging app used by millions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |