Signal says there is no evidence of a zero-day hitting the encrypted chat app. Rumors emerged this weekend that there was a vulnerability in the link preview function, but Signal denies this.
Signal writes on X that it has seen the ‘vague viral notifications’ that allegedly indicate that there is a zero day in the chat app. “In our research, we saw no evidence that this vulnerability actually exists,” the app’s creators say. “No additional information has been shared through our official channels.” The makers say in another post also contacted the US government. The message stated that this would be the possible source of the report. “Those we spoke to have no information that would indicate these claims are valid.”
Earlier this weekend, several reports circulated about such a possible vulnerability. The original source is difficult to trace, but the message was distributed through different accounts. The rumors indicated that the information through ‘unofficial channels within the US government’ was distributed. The rumors did not reveal any details about the vulnerability. There was talk of a zero-day, but it is unclear whether it was actively abused. The bug is said to be in the link preview functionality. The warning advised users to disable that functionality through the settings.
It is not known who exactly is behind the rumor and where it comes from. Signal CEO Meredith Whittaker speculates that it may be a disinformation campaign. However, she does not provide an explanation for this, so it is not clear what she is basing this on.