Signal CVE-2019-9970 Homograph Domain Spoofing Vulnerability

Signal is prone to a domain-spoofing vulnerability because it fails to adequately handle homographs in international domain name (IDN) domains.

An attacker may leverage this issue to spoof a domain that visually resembles a legitimate domain. This may lead to a false sense of trust because the user may be presented with a URI of a seemingly trusted domain while interacting with the attacker's malicious site.

The following products and versions are vulnerable:

Signal Desktop through 1.23.1
Signal Private Messenger through 4.35.3


Privacy Statement
Copyright 2010, SecurityFocus