Cybersecurity researcher John Jackson has published a study on two vulnerabilities he's found in the Signal messenger desktop client: CVE-2023-24069 and CVE-2023-24068. The expert is sure that malefactors can exploit these vulnerabilities for espionage. Since Signal desktop applications for all operating systems have a common code base, both vulnerabilities are present not only in the Windows client, but in the macOS and Linux clients as well. All versions up to the latest (6.2.0) are vulnerable.

The first vulnerability, CVE-2023-24069, lies in an ill-conceived mechanism that handles files sent via Signal. When you send a file to a Signal chat, the desktop client saves it in a local directory. When a file is deleted, it disappears from the directory… unless someone replies to it or forwards it to another chat. Moreover, despite the fact that Signal is positioned as a secure messenger and all communications via it are encrypted, the files are stored in unprotected form.

The second vulnerability, CVE-2023-24068, was found upon closer study of the client. It turns out that the client lacks a file validation mechanism. Theoretically, this allows an attacker to replace the stored files. That is, if the forwarded file is opened on the desktop client, someone could replace it in the local folder with a forged one. Therefore, with further transfers, a user will distribute the switched file instead of the one they intended to forward.

How might these vulnerabilities be dangerous?

The potential risks posed by CVE-2023-24069 are more or less understandable.
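A defender-side integrity check for the locally stored attachments discussed above, as an added example that is not from the original article or from Signal's code: it records SHA-256 digests of the files in a directory and reports any whose content later changes. The directory is supplied by the caller, and the file name and contents used in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

def digest(path):
    """SHA-256 of a file, read in chunks so large attachments are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(directory):
    """Map each file's relative path to its digest (the trusted baseline)."""
    result = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            result[os.path.relpath(full, directory)] = digest(full)
    return result

def compare(baseline, directory):
    """Report files whose content changed, disappeared, or newly appeared."""
    current = snapshot(directory)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed sample: a temp folder stands in for the attachment directory."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "attachment-1")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"original document")
        baseline = snapshot(d)
        with open(path, "wb") as f:  # same name, different content
            f.write(b"swapped document!")
        return compare(baseline, d)

if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is kept somewhere the account that can write to the attachment directory cannot also modify.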