Signal is held to an extremely high standard when it comes to security and end-to-end encryption, with its messaging app being especially secure and its encryption protocol being used by the likes of WhatsApp. It was especially concerning, then, when news started making the rounds about Signal possibly having a zero-day vulnerability. Those rumors have now been put to rest, however, and Signal really wants you to feel secure while using the app.
In threads shared on Mastodon and X/Twitter, Signal debunked the rumors that a zero-day vulnerability was affecting the app. Signal addressed “vague viral reports” about a zero-day vulnerability, going on to add that, after responsible investigation, developers have found no evidence that the vulnerability was real, and no additional information was shared through its official reporting channels. It also added that it cross-checked with sources within the US government (since the rumor claimed the government had knowledge about the vulnerability), only to find nothing from those sources either.
The rumored vulnerability was shared across multiple social media platforms and said that Signal’s ability to preview a shared link could be exploited to launch an attack. The issue isn’t really documented in detail and, likewise, no one has really shown any evidence of the vulnerability’s existence or it being exploited in the wild — all we have is advice to disable link previews in order to mitigate the alleged issue. According to security researcher Matt Blaze, it looks like the rumors might refer to an issue that actually exists and is well documented: the WebP security flaw that affected web browsers and other apps. However, according to Signal, that issue is already fixed, and all current versions of the app are already running the patch.
So really, it looks like nothing is happening here, and if you’re a Signal user, you have nothing to worry about. If an issue does affect Signal, you’ll likely be promptly informed, and an update will be issued as soon as possible. In the case of this issue, if it’s actually real, Signal is asking researchers to tell them all about it through the group’s official reporting channels.