Pierluigi Paganini
October 16, 2023
The popular encrypted messaging app Signal denied claims of an alleged zero-day vulnerability in its platform. The company launched an investigation into the claims after they have seen the vague viral reports alleging a zero-day vulnerability.
“PSA: we have seen the vague viral reports alleging a Signal 0-day vulnerability. After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels.” reads the tweet published by the company.
PSA: we have seen the vague viral reports alleging a Signal 0-day vulnerability.
— Signal (@signalapp) October 16, 2023
After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels.
The company also added that it has checked with the U.S. Government to determine if they were aware of a zero-day exploit for their platform.
We also checked with people across US Government, since the copy-paste report claimed USG as a source. Those we spoke to have no info suggesting this is a valid claim.
— Signal (@signalapp) October 16, 2023
We take reports to security@signal.org very seriously, and invite those with real info to share it there. 2/
Rumors circulated over the weekend about a zero-day flaw in the Signal platform that could be exploited to take over the target device. Some researchers reported that the flaw affected the link preview feature of the mobile app and urged users to disable it. Researchers fear that commercial surveillance vendors could be aware of a zero-day vulnerability in the Signal app that allowed their spyware to completely control the target devices.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Signal)
