Signal App New Zero-day Targeting Link Preview.
So far I have been unable to confirm this zero-day from other sources. I first noticed it being mentioned on Mastodon, then found a post by Mike Saylor at Blackswan Cybersecurity:
A zero-day exploit for Signal was discovered that gives access to your full device. To close the vulnerability, have everyone go to Settings under your profile in Signal > Chats > deselect "generate link preview".
So how does the Link preview feature work?
Signal, unlike many other messaging apps, does not generate link previews server-side; the sender's device fetches the linked page, extracts the title, description and thumbnail, and ships that preview inside the encrypted message.
The recipient's device therefore never contacts the linked site, so the site never sees the recipient's IP address and the recipient is never made to fetch content from an untrusted server (the sender's device, which does the fetching, is the one that contacts the site).
Disabling "Generate link previews" is still a reasonable precaution, but the setting gates only that fetch-and-extract step on your own device.
Previews built by other people still arrive inside their messages, and your app still parses and displays them, thumbnail included.
So if the vulnerability sits in the code that handles received previews, turning the feature off protects no recipient; if it sits in the code that fetches and builds previews, turning it off protects only the device that would have done the fetching.
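To make the two code paths concrete, here is an added illustration in Python (not Signal's code, and not from the original post): a toy model of a sender device that builds a preview and a recipient device that only parses what arrives. The host example.invalid, the Device class, the OpenGraph-style extraction and the stand-in decode_thumbnail function are assumptions for the demo; the sample HTML and thumbnail bytes are constructed, so it runs offline.

```python
"""Toy model of Signal-style client-side link previews (added illustration, not Signal's code)."""
import re
from dataclasses import dataclass
from html import unescape
from typing import List, Optional
from urllib.parse import urlparse


@dataclass
class Preview:
    url: str
    title: str
    description: str
    image: bytes  # thumbnail bytes ride inside the end-to-end encrypted message


@dataclass
class Message:
    text: str
    preview: Optional[Preview] = None


URL_RE = re.compile(r"https?://[^\s<>\"']+")
OG_RE = re.compile(r'<meta\s+property="og:(\w+)"\s+content="([^"]*)"', re.I)

# Constructed stand-in for the network: a hypothetical site and its thumbnail (offline lookup).
SITE_HTML = {
    "https://example.invalid/post": (
        "<html><head>"
        '<meta property="og:title" content="Hello &amp; welcome">'
        '<meta property="og:description" content="A post">'
        '<meta property="og:image" content="https://example.invalid/thumb.webp">'
        "</head></html>"
    ),
}
SITE_IMAGES = {
    # RIFF header + a VP8L chunk header + filler; only the magic matters for the stand-in decoder
    "https://example.invalid/thumb.webp": b"RIFF\x1a\x00\x00\x00WEBPVP8L\x0e\x00\x00\x00" + b"\x2f" * 14,
}


def decode_thumbnail(data: bytes) -> str:
    """Stand-in for the image decoder the recipient runs over bytes chosen by the sender.
    A real app hands these bytes to libwebp/libpng/libjpeg; this is the exposed code path."""
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp/" + data[12:16].decode("ascii", "replace").strip()
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return "png"
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    return "unknown"


class Device:
    """One Signal endpoint; every fetch() exposes this device's IP address to the target host."""

    def __init__(self, generate_link_previews: bool):
        self.generate_link_previews = generate_link_previews
        self.contacted: List[str] = []

    def fetch(self, url: str):
        self.contacted.append(urlparse(url).hostname or "")
        if url in SITE_HTML:
            return SITE_HTML[url]
        return SITE_IMAGES.get(url)

    def build_preview(self, url: str) -> Optional[Preview]:
        """Sender side: fetch the page, pull Open Graph tags, fetch the thumbnail."""
        page = self.fetch(url)
        if not isinstance(page, str):
            return None
        og = {key.lower(): unescape(value) for key, value in OG_RE.findall(page)}
        if "title" not in og:
            return None
        image = self.fetch(og["image"]) if "image" in og else None
        return Preview(url, og["title"], og.get("description", ""), image or b"")

    def compose(self, text: str) -> Message:
        """The 'Generate link previews' setting gates only this fetch-and-extract path."""
        msg = Message(text)
        match = URL_RE.search(text)
        if match and self.generate_link_previews:
            msg.preview = self.build_preview(match.group(0))
        return msg

    def receive(self, msg: Message) -> dict:
        """Recipient side: nothing is fetched, but an attached preview is parsed and rendered
        regardless of this device's own link-preview setting."""
        fetched_before = len(self.contacted)
        decoded = decode_thumbnail(msg.preview.image) if msg.preview else None
        return {"fetched": self.contacted[fetched_before:], "decoded": decoded}


def run_scenario(sender_setting: bool, recipient_setting: bool) -> dict:
    """Send one message with a link from Alice to Bob and report who contacted whom."""
    alice = Device(generate_link_previews=sender_setting)
    bob = Device(generate_link_previews=recipient_setting)
    msg = alice.compose("have a look: https://example.invalid/post")
    result = bob.receive(msg)
    return {
        "preview_sent": msg.preview is not None,
        "sender_contacted": alice.contacted,
        "recipient_contacted": result["fetched"],
        "recipient_decoded": result["decoded"],
    }


if __name__ == "__main__":
    print(run_scenario(sender_setting=True, recipient_setting=False))
    print(run_scenario(sender_setting=False, recipient_setting=True))
```

Run it and the asymmetry is visible: with Bob's previews disabled and Alice's enabled, only Alice's device contacts example.invalid, yet Bob's stand-in decoder still runs over the thumbnail Alice's device attached. Flip the settings and no preview is built at all, so Bob's setting never enters into it.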
The exploit-broker business is thriving:
Russia-based OpZero went on the record recently with a $1.5 million offer for Signal remote code execution (RCE) exploits, more than tripling the relatively stable high-water mark for that app offered by American firm Zerodium, according to DarkReading.
TechCrunch recently revealed that zero-days for infiltrating messaging apps like WhatsApp are now being sold for anywhere between $1.7 million and $8 million in 2023.
Signal has published nothing about any zero-day beyond this post on X (formerly Twitter):
PSA: we have seen the vague viral reports alleging a Signal 0-day vulnerability. After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels.
We also checked with people across US Government, since the copy-paste report claimed USG as a source. Those we spoke to have no info suggesting this is a valid claim.
An investigation is still ongoing, so it wouldn't hurt to take the recommended precaution, bearing in mind that it only covers previews generated on your own device.
CVE-2023-4863: heap buffer overflow in libwebp. Google Chrome prior to 116.0.5845.187 and libwebp prior to 1.3.2 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. Severity: high (CVSS 8.8).
Why it is relevant to the preview discussion above: libwebp is the WebP decoder used by Chromium-based browsers and Electron desktop apps, and the thumbnail in a received link preview is attacker-supplied image data that the recipient's device has to decode. Whether the rumoured Signal bug is this one, or related to it at all, has not been established.
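Two checks a practitioner would want around this CVE, as an added Python example (not from the original post and not libwebp's own code): a version comparison against the fixed releases named in the CVE record, and a WebP container walker that flags files carrying a VP8L (lossless) bitstream, the decoder path the CVE-2023-4863 fix touched. The make_webp helper and the sample files it builds are constructed test input; the chunk layout follows the public WebP container format, but the walker only looks at top-level chunks.

```python
"""Triage helpers around CVE-2023-4863 (added example, not from the original post)."""
import struct
from typing import List, Optional, Tuple

# Fixed versions as named in the CVE record.
FIXED_LIBWEBP = (1, 3, 2)
FIXED_CHROME = (116, 0, 5845, 187)


def parse_version(text: str) -> Tuple[int, ...]:
    """'1.3.1' -> (1, 3, 1); tolerates a distro suffix such as '1.3.2-1ubuntu1' -> (1, 3, 2)."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def is_fixed(version: str, fixed: Tuple[int, ...]) -> bool:
    """True when `version` is at or beyond the fixed release (short versions are zero-padded)."""
    v = parse_version(version)
    v = v + (0,) * (len(fixed) - len(v))
    return v >= fixed


def webp_chunks(data: bytes) -> Optional[List[str]]:
    """List the top-level chunk FourCCs of a WebP file, or None if the bytes are not WebP.
    Layout: 'RIFF' <u32 LE size> 'WEBP' then chunks of <FourCC><u32 LE size><payload padded to even>.
    Frames inside ANMF chunks nest further chunks and are not descended into here."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WEBP":
        return None
    riff_size = struct.unpack_from("<I", data, 4)[0]
    end = min(len(data), 8 + riff_size)  # never trust the declared size past the buffer
    pos, chunks = 12, []
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4].decode("ascii", "replace")
        size = struct.unpack_from("<I", data, pos + 4)[0]
        chunks.append(fourcc)
        pos += 8 + size + (size & 1)
    return chunks


def uses_lossless_bitstream(data: bytes) -> bool:
    """True when a top-level VP8L (lossless) chunk is present: that is the decoder path the
    CVE-2023-4863 fix touched (Huffman table construction in the lossless decoder).
    ALPH chunks and ANMF frames can also carry lossless-coded data and are not inspected,
    so False is not a clean bill of health; True means 'look closer'."""
    chunks = webp_chunks(data)
    return bool(chunks) and "VP8L" in chunks


def make_webp(chunks: List[Tuple[bytes, bytes]]) -> bytes:
    """Build a structurally valid (not decodable) WebP container from (fourcc, payload) pairs.
    Used only to construct sample input for the checks above."""
    body = b"WEBP"
    for fourcc, payload in chunks:
        body += fourcc + struct.pack("<I", len(payload)) + payload
        if len(payload) & 1:
            body += b"\x00"
    return b"RIFF" + struct.pack("<I", len(body)) + body


if __name__ == "__main__":
    lossless = make_webp([(b"VP8L", b"\x2f\x00\x00")])
    lossy = make_webp([(b"VP8X", b"\x00" * 10), (b"VP8 ", b"\x00" * 4)])
    print(webp_chunks(lossless), uses_lossless_bitstream(lossless))
    print(webp_chunks(lossy), uses_lossless_bitstream(lossy))
    print(is_fixed("1.3.1", FIXED_LIBWEBP), is_fixed("1.3.2-1ubuntu1", FIXED_LIBWEBP))
```

The version check is only as good as the version string you feed it: a distro may backport the fix without bumping the upstream version, and a statically linked or bundled libwebp (as in Electron apps) is not visible to the system package manager at all, so check the application's own release notes as well.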