Signal Desktop gatecrashed by web vulnerabilities
In Summary : Basic vulnerabilities were discovered by accident twice within Signal Desktop this week, raising questions about the app’s s...
https://updatesinfosec.blogspot.com/2018/05/signal-desktop-gatecrashed-by-web.html
In Summary :
Basic vulnerabilities were discovered by accident twice within Signal Desktop this week, raising questions about the app’s security. A cross-site scripting (XSS) bug which allowed remote code execution (RCE) was first disclosed by researchers who posted a video of the successful exploit on Twitter. The researchers – Ivan Ariel Barrera Oro, Alfredo Ortega, and Juliano Rizzo – stumbled across the flaw in Signal’s desktop app. By sending a message, an attacker could have taken complete control over a user’s system. Signal is widely-used due to its robust privacy guarantees, and while this bug (CVE-2018-10994) did not affect the encryption directly, by taking control over the system an attacker could still access encrypted messages. Researcher Matthew Bryant decided to try his luck at figuring [...]
kindly refer the following link as follow up :
https://ift.tt/2rPJ9ns
Basic vulnerabilities were discovered by accident twice within Signal Desktop this week, raising questions about the app’s security. A cross-site scripting (XSS) bug which allowed remote code execution (RCE) was first disclosed by researchers who posted a video of the successful exploit on Twitter. The researchers – Ivan Ariel Barrera Oro, Alfredo Ortega, and Juliano Rizzo – stumbled across the flaw in Signal’s desktop app. By sending a message, an attacker could have taken complete control over a user’s system. Signal is widely-used due to its robust privacy guarantees, and while this bug (CVE-2018-10994) did not affect the encryption directly, by taking control over the system an attacker could still access encrypted messages. Researcher Matthew Bryant decided to try his luck at figuring [...]
kindly refer the following link as follow up :
https://ift.tt/2rPJ9ns
