Signal has patched a critical flaw in its Android app that, in some circumstances, sent random unintended images to contacts without an obvious explanation. The flaw was first reported in December 2020 by Rob Connolly on the app's GitHub page. Despite being known for months, Signal has fixed the bug only recently. While the team faced a backlash over this delay, Greyson Parrelli, Signal’s Android developer confirmed fixing the bug recently. As per his response on the same GitHub thread, Signal has patched the flaw with the release of the Signal Android app version 5.17. When a user sends an image via the Signal Android app to one of his contacts, the contact would occasionally receive not just the selected image, but additionally a few random, unintended images, that the sender had never sent out, Connolly explained. “Standard conversation between two users (let’s call them party A and party B). Party A shares a gif (from built-in gif search). Party B receives the gif, but also some other images, which appear to be from another user (party A has searched their phone and does not remember the images in question). Best case the images are from another contact of B and messages got crossed, worst case they are from an unknown party, who's [sic] data has now been leaked,” Connolly told while describing the flaw. At this time, the flaw seems to have only impacted the Android version of the app. Signal Android app users should update to the latest version of the app, available on the Google Play store, researchers advised.Last year in May 2020, cybersecurity researchers at Tenable discovered a flaw in the ..
Support the originator by clicking the read the rest link below.