CVE ID:

CVE-2019-9970

Details:

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.

References:

:https://github.com/blazeinfosec/advisories/blob/c70c90bc7f8d82d4d20c42260770cbdeec834623/signal-advisory.txt