在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
CVE-2019-9970Open Whisper Signal和Signal Private Messenger application for Android 安全漏洞 发布时间:2019-03-23类型:CANstatus:Candidatephase:Assigned数据库:domain操作系统:Android 漏洞描述Open Whisper Signal是一款具有加密功能的桌面版即时聊天应用程序。Signal Private Messenger application for Android是一款基于Android平台的、具有加密功能的即时聊天应用程序。 Open Whisper Signal 1.23.1及之前版本和基于Android平台的Signal Private Messenger应用程序4.35.3及之前版本中存在安全漏洞。攻击者可利用该漏洞实施社会工程学攻击。Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. 参考文献 |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论