Over the course of last weekend, news of one spread online zero-day security vulnerabilities Of Signal related to the function Generate link previews. After a thorough investigation of the platform, it declared that there is no tangible evidence of the existence of this potential bug.
Signal’s statements come after several reports, both via the site BleepingComputer than through social media Xof some users who would have completely lost control of their device following this vulnerability.
We also checked with people across US Government, since the copy-paste report claimed USG as a source. Those we spoke to have no info suggesting this is a valid claim.
We take reports to [email protected] very seriously, and invite those with real info to share it there. 2/
— Signal (@signalapp) October 16, 2023
“PSA: We’ve seen vague viral reports alleging a Signal 0-day vulnerability” we read in a statement on the aforementioned social network. Through the same channel, Signal then announced how “After responsible investigation *we have no evidence to suggest this vulnerability is real* nor has any further information been shared via our official reporting channels“.
“We also checked with people in the US government, since the copy-paste report listed USG as the source. Those we spoke to have no information to suggest this is a valid claim“.
Signal’s zero-day vulnerability has not been confirmed, but the platform remains on high alert
Also strong of such reliable sources, news of the alleged zero-day spread quickly online and in the cybersecurity community Saturday afternoon. The rumors, coming from anonymous figures, had also proposed the potential solution to the bug, i.e. deactivating the aforementioned Generate link previews setting.
While Signal said it has no evidence of a new zero-day, it still requests that those with new, “real” information contact its security team.