![]() ![]() The potential risks for January 2023 associated with CVE-2023-24069 are more or less understandable. Thus, in further transmissions, the user will distribute the spoofed file instead of the one he intended to forward. That is, if the forwarded file opens on the client's desktop, someone can replace it in the local folder with a fake one. In theory, this allows an attacker to replace them. It turned out that the program does not have a file verification mechanism. The second vulnerability, CVE-2023-24068, was discovered by closer examination of the client from Signal. Two vulnerabilities were discovered in the Signal messenger, allowing anyone to view attachments in correspondence Moreover, despite the fact that Signal is positioned as a secure messenger and all messages are encrypted through it, files are stored in an unprotected form. When a file is deleted, it disappears from the directory unless someone responds to it or forwards it to another chat. When a user sends a file to a Signal chat, the desktop client saves it in the local directory. The first vulnerability, CVE-2023-24069, lies in an ill-conceived mechanism for processing files sent via Signal. All versions are vulnerable up to the latest version on Janu(6.2.0). ![]() Since Signal desktop applications for all operating systems share a common code base, both vulnerabilities are present not only in the Windows client, but also in the MacOS and Linux clients. They were designated CVE-2023-24069 and CVE-2023-24068.Īccording to the expert, attackers can use these vulnerabilities for espionage. 2023: A hole in the messenger allows you to view attachments in the correspondence of other usersĪt the end of January 2023, John Jackson, a specialist in information security, published a study on two vulnerabilities he discovered in the Signal messenger desktop client. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |