Rumored zero-day exploit dismissed by Signal

SecurityWeek reports that encrypted instant messaging platform Signal has shut down reports regarding a zero-day vulnerability impacting its chat app that became viral over the weekend, saying that further investigation has revealed no evidence to support the legitimacy of the rumored flaw. Such reports of a zero-day in Signal stemmed from a copy-pasted alert purported to be from the U.S. government that warned potential device takeovers from the exploitation of the messaging app's "generate link preview" functionality. However, Signal noted on X, formerly Twitter, that it was not able to substantiate claims that the warning came from the federal government. Prior to the rumors, several experts had already warned about the risk of the generate link preview function, which could be leveraged to facilitate IP address and link exposures, as well as unwanted data downloads in the background, with the feature already associated with critical flaws in the WhatsApp messaging app.