Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence

From thehackernews.com

Encrypted messaging app Signal has pushed back against “viral reports” of an alleged zero-day flaw in its software, stating it found no evidence to support the claim.

“After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels,” it said in a series of messages posted in X (formerly Twitter).

Signal said it also checked with the U.S. government and that it found no information to suggest “this is a valid claim.” It’s also urging those with legitimate information to send reports to security@signal[.]org.

The development comes as reports circulated over the weekend about a zero-day vulnerability in Signal that could be exploited to gain complete access to a targeted mobile device.

As a security precaution, it’s been advised to turn off link previews in the app. The feature can be disabled by going to Signal Settings > Chats > Generate link previews.

Read more…