Signal CVE-2019-9970 Homograph Domain Spoofing Vulnerability
Signal is prone to a domain-spoofing vulnerability because it fails to adequately handle homographs in international domain name (IDN) domains.
An attacker may leverage this issue to spoof a domain that visually resembles a legitimate domain. This may lead to a false sense of trust because the user may be presented with a URI of a seemingly trusted domain while interacting with the attacker's malicious site.
The following products and versions are vulnerable:
Signal Desktop through 1.23.1
Signal Private Messenger through 4.35.3