The Latest in IT Security

Signal Rushes to Patch Serious Eavesdropping Vulnerability

07
Oct
2019
Signal Rushes to Patch Serious Eavesdropping Vulnerability

The flaw, tracked as CVE-2019-17191, was discovered by Google Project Zero researcher Natalie Silvanovich. The issue was reported to Signal developers in late September and it was patched very quickly with the release of version 4.47.7 for Android.

The vulnerability can be exploited by using a specially crafted Signal client. The client initiates an audio call to the targeted user, and once it starts ringing, the attacker presses the audio mute button on their end, which forces the called device to answer the call.

Silvanovich noted in her bug report that the attacker cannot force the application to answer a video call.

Related posts:
  1. Google Fixes Critical Android Vulnerabilities
  2. Google Patches Six Critical Mediaserver Bugs in Android
  3. Android Overlay and Accessibility Features Leave Millions at Risk
  4. Google Researchers Find Remotely Exploitable Vulnerabilities in iOS
  5. Google Removes Vulnerable Library from Android

Read More

Tags:  
Written by Feedproxy
0 Comments
Comments are closed.

Categories

SUNDAY, FEBRUARY 23, 2025
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments