CVE-2018-3988

Name of the Vulnerable Software and Affected Versions Signal Messenger for Android version 4.24.8

Description The issue may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.

Recommendations For Signal Messenger for Android version 4.24.8, consider clearing the cache directory after using the photo feature in "disappearing messages" to minimize the risk of private information exposure. As a temporary workaround, restrict access to the cache directory to prevent other applications from accessing the sensitive information.