Replying to Avatar Jordan Eskovitz

Avatar
average_bitcoiner 2y ago

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

https://github.com/search?q=repo%3Asignalapp%2FSignal-iOS%20libwebp&type=code

https://github.com/search?q=repo%3Asignalapp%2FSignal-Android%20libwebp&type=code

Reply to this note

Please Login to reply.

Discussion

Avatar
Jordan Eskovitz 2y ago

Not sure what I'm supposed to take away from your post. 😬

Avatar
Jordan Eskovitz 2y ago

Is this confirming that actually there are vulnerabilities? I cannot open the github links without an account.

Avatar
average_bitcoiner 2y ago

They were using a library with a vulnerability in it. If you updated signal recently. You're fine. Or disable the link preview and you're fine.

Avatar
average_bitcoiner 2y ago

CVE was a Critical vulnerability for libwebp. Signal iOS and Android use libwebp.

Avatar
Jordan Eskovitz 2y ago

Ah okay, interesting. Thanks.