The second vulnerability, CVE-2023-24068, was found upon closer study of the client. Moreover, despite the fact that Signal is positioned as a secure messenger and all communications via it are encrypted, the files are stored in unprotected form. When a file is deleted, it disappears from the directory… unless someone answers it or forwards it to another chat. When you send a file to a Signal chat, the desktop client saves it in a local directory. The first vulnerability, CVE-2023-24069, lies in an ill-conceived mechanism that handles files sent via Signal.
All versions up to the latest (6.2.0) are vulnerable. Since Signal desktop applications for all operating systems have a common code base, both vulnerabilities are present not only in the Windows client, but in the MacOS and Linux clients as well. The expert is sure that malefactors can exploit these vulnerabilities for espionage. Cybersecurity researcher John Jackson has published a study on two vulnerabilities he’s found in the Signal messenger desktop client - CVE-2023-24069 and CVE-2023-24068.
0 kommentar(er)
