Signal Desktop 6.2.0 and earlier for Windows, Linux, and macOS are affected by two vulnerabilities, tracked as CVE-2023-24068 and CVE-2023-24069.
They could allow an attacker to read confidential attachments sent in messages, and potentially to replace them.
The issue is that Signal Desktop stores attachments unencrypted in the directory ~\attachments.noindex.
Attachments are removed from this directory automatically when the user deletes them from the chat. However, if a message with an attachment has been replied to or quoted, the attachment remains in the local folder in plaintext even after it has been deleted in the messaging interface.
An attacker who can access these files therefore does not need to decrypt anything, and because there is no regular cache-clearing process, deleted files remain in this folder unencrypted, according to researcher John Jackson. The attacker may also be able to replace files stored in the cache.
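As an added example (not Signal's code or the researcher's), the following Python audit snapshots the SHA-256 digest of every file in an attachment cache directory and, on a later run, reports which plaintext files are still retained, which have changed on disk (a candidate replaced attachment), and which were removed or added. The directory and file names in `demo()` are constructed for the demonstration; to audit a real profile, point `snapshot()` at a copy of the cache directory.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large attachments are not read whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(cache_dir: Path) -> dict:
    """Map each file's path (relative to the cache) to its SHA-256 digest."""
    return {str(p.relative_to(cache_dir)): sha256_of(p)
            for p in sorted(cache_dir.rglob("*")) if p.is_file()}


def compare(baseline: dict, current: dict) -> dict:
    """Classify files against an earlier snapshot: retained (same digest, plaintext
    still on disk), altered (same path, new digest: candidate replacement),
    removed, and new."""
    return {
        "retained": sorted(k for k in baseline if current.get(k) == baseline[k]),
        "altered": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "removed": sorted(k for k in baseline if k not in current),
        "new": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict:
    """Run the audit on a constructed cache in a temp dir (not real Signal data)."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = Path(tmp)
        (cache / "quoted.jpg").write_bytes(b"attachment still referenced by a quote")
        (cache / "deleted.pdf").write_bytes(b"attachment the user deleted")
        (cache / "swapped.png").write_bytes(b"original bytes")
        baseline = snapshot(cache)
        (cache / "deleted.pdf").unlink()                        # removed by the app
        (cache / "swapped.png").write_bytes(b"tampered bytes")  # replaced on disk
        (cache / "fresh.mp4").write_bytes(b"newly received")
        return compare(baseline, snapshot(cache))


if __name__ == "__main__":
    print(demo())
```

Files listed under "retained" across runs are plaintext attachments still on disk; a non-empty "altered" list is the signal to investigate a possible replacement.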
Signal Desktop users should upgrade to the latest version as soon as possible to address these vulnerabilities.