Vulnerabilities > CVE-2018-9840 - Unspecified vulnerability in Signal
Attack vector
PHYSICAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH low complexity
signal
Summary
The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button.
Vulnerable Configurations
References
- http://nint.en.do/Signal-Bypass-Screen-locker.php
- http://nint.en.do/Signal-Bypass-Screen-locker.php
- https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9
- https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9
- https://github.com/signalapp/Signal-iOS/commits/release/2.23.2
- https://github.com/signalapp/Signal-iOS/commits/release/2.23.2