Signal messenger has addressed rumors circulating online about a zero-day security vulnerability in their ‘Generate Link Previews’ feature. Despite multiple sources claiming that this vulnerability allowed for complete device takeover, Signal has conducted an investigation and found no evidence to support these claims. They even checked with US government sources, who also had no information suggesting the validity of the vulnerability. While they urge those with legitimate information to contact their security team, users are advised to disable the ‘Generate Link Previews’ setting as a precautionary measure. Zero-day vulnerabilities in Signal are highly sought after, with brokers like Zerodium willing to pay up to $500,000 for an exploit chain. Additionally, Operation Zero, a Russian broker, is willing to pay as much as $1.5 million for a Signal zero-day vulnerability. These vulnerabilities are frequently used by spyware developers and can pose a significant security risk.
https://www.bleepingcomputer.com/news/security/signal-says-there-is-no-evidence-rumored-zero-day-bug-is-real/