
CVE-2019-9970

First published: Sun Mar 24 2019

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
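
The condition described above can be tested before a URL in a message is turned into a link. The JavaScript below is an added example, not code from Signal or from this advisory; the function names and the rule of one script per DNS label are assumptions made for illustration, and the sample hostnames in the comments are constructed.

```javascript
// Added example (hypothetical names, not Signal's code): refuse to linkify a
// URL whose displayed hostname mixes scripts inside a single DNS label.

// Scripts checked by name; any other letter is bucketed as "Other".
const SCRIPTS = ['Latin', 'Cyrillic', 'Greek', 'Armenian', 'Hebrew', 'Arabic',
  'Han', 'Hiragana', 'Katakana', 'Hangul'];
const SCRIPT_RES = SCRIPTS.map(
  name => [name, new RegExp(`\\p{Script=${name}}`, 'u')]);

// Digits, hyphens and combining marks belong to no single script.
const NEUTRAL = /[\p{Script=Common}\p{Script=Inherited}]/u;

// Return the set of script names used by one DNS label.
function scriptsInLabel(label) {
  const found = new Set();
  for (const ch of label) {              // for...of iterates by code point
    if (NEUTRAL.test(ch)) continue;
    const hit = SCRIPT_RES.find(([, re]) => re.test(ch));
    found.add(hit ? hit[0] : 'Other');
  }
  return found;
}

// Extract the host exactly as it is displayed in the message text, before any
// punycode conversion, skipping optional userinfo and stopping at the port.
function displayedHost(urlText) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/(?:[^\/?#@]*@)?([^\/?#:]+)/iu.exec(urlText);
  return m ? m[1] : null;
}

// True only if every label of the host uses at most one script.
// Constructed samples:
//   'https://example.com/'        -> all Latin, linkified
//   'https://ex\u0430mple.com/'   -> Cyrillic U+0430 inside a Latin label, refused
//   'http://\u043f\u0440\u0438\u043c\u0435\u0440.com/' -> each label single-script, linkified
function shouldLinkify(urlText) {
  const host = displayedHost(urlText);
  if (host === null) return false;
  return host.split('.').every(label => scriptsInLabel(label).size <= 1);
}
```

A mixed-script check of this kind does not catch a label written entirely in one non-Latin script that happens to resemble a Latin name.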

Credit: cve@mitre.org

Affected Software                   Affected Version   How to fix
Signal Private Messenger Android    <=4.35.3
Signal Signal-desktop               <=1.23.1


Frequently Asked Questions

  • What is CVE-2019-9970?

    CVE-2019-9970 is a vulnerability in Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android that exposes users to an IDN homograph attack when displaying messages containing URLs.

  • How does CVE-2019-9970 affect Signal Private Messenger for Android?

    CVE-2019-9970 affects Signal Private Messenger for Android versions up to and including 4.35.3.

  • How does CVE-2019-9970 affect Signal-Desktop?

    CVE-2019-9970 affects Signal-Desktop versions up to and including 1.23.1.

  • What is an IDN homograph attack?

    An IDN homograph attack is a type of phishing attack in which an attacker uses visually similar characters, such as letters from a different alphabet, in a domain name so that a fake website appears identical to the legitimate one.

  • Are there any known fixes for CVE-2019-9970?

    At the moment, there are no known fixes for CVE-2019-9970. It is recommended to exercise caution when clicking on URLs in Signal messages.
