Two serious vulnerabilities detected in signal in one week

Signal is considered one of the best and safest messaging applications. Although in one week two serious security vulnerabilities have been detected in it. So they have seriously damaged the safe image that the application had so far. What vulnerabilities have been detected?

Two serious vulnerabilities detected in Signal in one week

The first detected error allowed remote attackers to execute malicious code in the application, specifically in the recipient system. While the other allowed attackers to obtain conversations in plain text format.

Signal vulnerabilities

The first flaw, which we have briefly told you about, allowed attackers to send a message without user interaction. Only with this could malicious code be executed in the application. A serious failure, but that from Signal quickly resolved. Because they already offered several updates to alleviate the vulnerability.

Although everything seemed to be going well, a new flaw arises. In this case, the attacker can remotely inject malicious code into the desktop version. This vulnerability affects the message validation function. What you have to do is send a malicious HTML / JavaScript code as a message and then quote or reply to that message. So there you go, no interaction needed.

These are undoubtedly two serious problems that show that Signal can also be vulnerable. Something that damages the image of the application. Luckily, the company has already released an update that addresses these glitches. So in principle it seems that the situation has been resolved satisfactorily.

The Hacker News Font