Unsecured Audio Channel in Signal Private Messenger for Android
CVE-2019-17191

7.5HIGH

Key Information:

Vendor

Signal

Status
Private Messenger
Vendor
CVE Published:
5 October 2019

What is CVE-2019-17191?

A vulnerability in the Signal Private Messenger application for Android allows attackers to establish an audio call without user consent. The affected versions, prior to 4.47.7, enable a caller to send a connect message that forces the call to be answered on the callee's device, potentially leading to eavesdropping as the audio channel may open before the callee can take action to block the call.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://news.ycombinator.com/item?id=21161432
x_refsource_MISC
https://twitter.com/moxie/status/1180261210341511168
x_refsource_MISC
https://bugs.chromium.org/p/project-zero/issues/detail?id...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.