Vulnerability: Signal Messenger for Android 4.24.8 Exposes Private Photos in Cache Directory

Vulnerability: Signal Messenger for Android 4.24.8 Exposes Private Photos in Cache Directory

CVE-2018-3988 · MEDIUM Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.

Learn more about our Cis Benchmark Audit For Google Android.