URGENT SIGNAL ZERO DAY
Disable generate link preview in signal settings under chats. https://video.nostr.build/a8add5e7937bcde3616b2be969aed1e41a5df9452e5122c06fbe6ebc53de7cd3.mov
Discussion
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://github.com/search?q=repo%3Asignalapp%2FSignal-iOS%20libwebp&type=code
https://github.com/search?q=repo%3Asignalapp%2FSignal-Android%20libwebp&type=code
Not sure what I'm supposed to take away from your post. 😬
Is this confirming that actually there are vulnerabilities? I cannot open the github links without an account.
They were using a library with a vulnerability in it. If you updated signal recently. You're fine. Or disable the link preview and you're fine.