This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
Signal has patched a critical flaw in its Android app that, in some circumstances, sent random unintended images to contacts without an obvious explanation.
The flaw was first reported in December 2020 by Rob Connolly on the app’s GitHub page. Despite being known for months, Signal has fixed the bug only recently. While the team faced a backlash over this delay, Greyson Parrelli, Signal’s Android developer confirmed fixing the bug recently. As per his response on the same GitHub thread, Signal has patched the flaw with the release of the Signal Android app version 5.17.
When a user sends an image via the Signal Android app to one of his contacts, the contact would occasionally receive not just the selected image, but additionally a few random, unintended images, that the sender had never sent out, Connolly explained.
“Standard conversation between two users (let’s call them party A and party B). Party A shares a gif (from built-in gif search). Party B receives the gif, but also some other images, which appear to be from another user (party A has searched their phone and does not remember the images in question). Best case the images are from another contact of B and messages got crossed, worst case they are from an unknown party, who’s [sic] data has now been leaked,” Connolly told while des
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Signal Patches Zero-Day Bug in its Android App