A team of Security researchers discovered a vulnerability in the popular end-to-end encrypted Signal messaging app. This vulnerability allowed remote attackers to inject malicious code on the recipients’ Signal desktop app just by sending them a message—without requiring any user interaction.
Just by sending a malicious HTML/javascript code as a message to the victim, and then quote/reply to that same message with any random text, an attacker can easily steal the information. The payload can be easily executed as soon as the victim receives the quoted message with the malicious code and doesn’t need any user interaction. This would have been a serious threat to Signal users if not it had come to the notice of Signal developers. Learn more from here
Signal has identified and patched the flaw and released the updated Signal Desktop version 1.11.0 for Windows, macOS, and Linux users. The signal app has an auto-update mechanism, so most users must have the update already installed. You can read this guide to ensure if you are running an updated version of Signal.
