Signal Denies Zero-Day Vulnerability Rumors

In recent days, rumors have been circulating online about a supposed zero-day vulnerability in the Signal messenger, allegedly related to the Generate Link Previews feature. Signal’s developers have addressed these reports, stating that there is no evidence to support the existence of such a vulnerability.

Reports about a zero-day issue in Signal, which allegedly allows attackers to fully compromise vulnerable devices, spread across social media over the past weekend. According to these claims, which referenced unnamed sources in the U.S. government, the vulnerability could be mitigated by disabling the Generate Link Previews feature. As a result, Signal’s developers were compelled to comment and refute these rumors.

In a series of posts on X (formerly Twitter), Signal’s team stated that they thoroughly investigated the alleged zero-day bug and found no evidence that it exists.

“We have seen vague viral posts about a supposed zero-day vulnerability in Signal. After conducting a thorough investigation, we have found no evidence that this vulnerability exists, and we have not received any additional information about it through official channels,” Signal representatives wrote. “We also contacted representatives of the U.S. government, since the source cited in the rumors was allegedly a U.S. official. Those we spoke with had not received any information indicating that this claim is valid.”

Although Signal has stated that there is no evidence of a zero-day vulnerability, the company is still asking anyone with new and credible information about this potential issue to contact their security team.

As cybersecurity experts note, while the situation remains unclear, users may want to consider disabling the Generate Link Previews feature on their devices as a precaution.