all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Signal Client v6.2 and earlier versions vulnerable to CVE-2023–24068 & CVE-2023–24069

Add to bookmarks
Jan. 24, 2023, 6:36 a.m. | Salvador Beltrán

InfoSec Write-ups - Medium infosecwriteups.com

After I read the PoC from John Jackson, I had to try. I ran into my computer and checked the version of the Signal Client that I had installed. The version is 6.2.0, which is allegedly vulnerable. So I started reading about how I can explode the CVE-2023–24068. And this brings us to CVE-2023–24069:

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allow an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. The cached …

client cve cybersecurity security-vulnerabilities signal vulnerable

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Private Interact.sh server setup with a web dashboard 15 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking tools +1
Understanding 403 Bypass: A Critical Vulnerability in Web Application Security 1 day, 15 hours ago | infosecwriteups.com
403 bypass access application applications +28
Hack Stories: Hacking Hackers EP:3 2 days, 15 hours ago | infosecwriteups.com
big bug bounty cybersecurity hack +9
Mastering Shodan Search Engine 3 days, 16 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity information security +1
Email Verification Bypass via Remember Me 3 days, 16 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking pentesting +1
Exploiting Symlinks: A Deep Dive into CVE-2024–28185 and CVE-2024–28189 of Judge0 Sandboxes 3 days, 16 hours ago | infosecwriteups.com
attacks code code execution continue +15
Typo Trouble: Exploring the Telegram Python RCE Vulnerability 3 days, 16 hours ago | infosecwriteups.com
address alerts application concept +25
Active DNS Recon using AXIOM 3 days, 16 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity infosec +1
Information Disclosure: Story of 500€ + 400$ Bounty 3 days, 16 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking information technology +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Consultant

@ Auckland Council | Central Auckland, NZ, 1010
View on infosec-jobs.com

Security Engineer, Threat Detection

@ Stripe | Remote, US
View on infosec-jobs.com

DevSecOps Engineer (Remote in Europe)

@ CloudTalk | Prague, Prague, Czechia - Remote
View on infosec-jobs.com

Security Architect

@ Valeo Foods | Dublin, Ireland
View on infosec-jobs.com

Security Specialist - IoT & OT

@ Wallbox | Barcelona, Catalonia, Spain
View on infosec-jobs.com
View more jobs