ASA-2019-00555 – Signal Private Messenger: Incoming call can be connected without user interaction

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.

ASA-2019-00554 – WhatsApp: Double free vulnerability in the DDGifSlurp function

A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service.

ASA-2019-00155 – Telegram: Internationalized domain name (IDN) homograph attacks

Telegram (tested on all mobile versions and on the Linux and Windows desktop versions) is vulnerable to an IDN homograph attack when displaying messages containing URLs. A homograph attack is a security vulnerability that can deceive users into thinking they are visiting a certain website when in fact they are directed to a different, but homographic, domain name. This type of vulnerability can be used to weaponize social engineering, increasing the chances of a successful attack.

ASA-2019-00154 – Signal Private Messenger: Internationalized domain name (IDN) homograph attacks

Signal Desktop and Signal for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. A homograph attack is a security vulnerability that can deceive users into thinking they are visiting a certain website when in fact they are directed to a different, but homographic, domain name. This type of vulnerability can be used to weaponize social engineering, significantly increasing the chances of a successful attack.
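
The display-side check that both IDN homograph advisories above call for can be sketched as follows. This is an added example, not code from Signal, Telegram or the advisories: it extracts links from a message, flags hostnames whose labels mix scripts or use no Latin letters, and returns the ASCII (xn--) form a client could show instead. The function names, the verdict strings and the sample message are assumptions made for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message: the first link has Cyrillic U+0430 in place of "a".
MESSAGE = ("Reset at https://ex\u0430mple.com/login or read "
           "https://example.com/help and https://\u043f\u0440\u0438\u043c\u0435\u0440.example/")


def scripts(label):
    """Scripts used by the letters of one hostname label."""
    # Assumption: the first word of the Unicode character name
    # (LATIN, CYRILLIC, GREEK, ...) is a good enough script tag.
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def check_host(host):
    """Return (verdict, ascii_host) for a hostname in Unicode or xn-- form."""
    try:
        ascii_host = host.encode("idna").decode("ascii").lower()
        unicode_host = ascii_host.encode("ascii").decode("idna")
    except UnicodeError:
        return "invalid", host
    verdict = "latin-only"
    for label in unicode_host.split("."):
        used = scripts(label)
        if len(used) > 1:
            return "mixed-script", ascii_host   # strongest homograph signal
        if used and used != {"LATIN"}:
            verdict = "non-latin"
    return verdict, ascii_host


def review_message(text):
    """Return [(url, verdict, ascii_host)] for every link found in a message."""
    results = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:          # malformed authority, e.g. bad brackets
            host = ""
        results.append((url,) + check_host(host))
    return results


if __name__ == "__main__":
    for url, verdict, ascii_host in review_message(MESSAGE):
        print(f"{verdict:12} {ascii_host:28} {url}")
```

A "non-latin" verdict also covers legitimate internationalized domains, so it is a cue to show the ASCII form next to the link rather than a reason to block it.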