Signal Disputes Alleged Zero-Day Flaw


The encrypted messaging app Signal has refuted widespread claims of a zero-day software vulnerability. After an investigation, the company has found no substantiated evidence supporting the existence of this purported flaw.

In a series of social media posts on X (formerly Twitter), Signal stated that they had found no evidence of the claimed vulnerability and urged individuals with credible information to submit reports to

The development unfolds amid a broader cybersecurity landscape, with reports emerging over the weekend regarding a zero-day exploit in Signal, which could potentially provide unauthorized access to a targeted mobile device.

“A zero day exploit for signal was discovered that gives access to your full device,” wrote Blackswan CEO Mike Saylor on LinkedIn on Sunday.

Additionally, it’s worth noting that various users on Mastodon, a decentralized social media platform, also seemed to mention the same vulnerability, adding to the complexity of the situation.

In light of these concerns, users were recommended to turn off link previews within the Signal app for added security. This can be achieved by navigating to Signal Settings > Chats > Generate link previews.

Read more on messaging apps’ security: Malicious WhatsApp Mod Spotted Infecting Android Devices

However, Signal took to X to clarify its position, indicating that they had consulted with individuals in the United States government, as the original report cited the USG as the source. Signal added, “Those we spoke to have no information suggesting this is a valid claim.”

While Signal maintains its stance that there is no substantiated evidence of the aforementioned zero-day vulnerability, they did encourage those with fresh, credible information to engage with their security team.

Given the evolving nature of this investigation and the recommended precaution to temporarily deactivating the link previews feature, users may consider it prudent to disable this setting until the authenticity of the alleged vulnerability is definitively determined.

Editorial image credit: rafapress /

Products You May Like

Articles You May Like

How Arid Viper spies on Android users in the Middle East – Week in security with Tony Anscombe
UK General Election: Tech Policy Expert Calls for Law Overhaul to Combat Deepfakes
U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain
Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters
Arid Viper Hackers Spy in Egypt and Palestine Using Android Spyware

Leave a Reply

Your email address will not be published. Required fields are marked *