{"vulnerability": "CVE-2022-28345", "sightings": [{"uuid": "60ae05b5-a85a-4f6f-a2a6-7f89067cbb0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28345", "type": "published-proof-of-concept", "source": "Telegram/Fe1afOtijSLjWWbm1OZINMnYxteXldRf8_LKzqA7HCYfbYs", "content": "", "creation_timestamp": "2022-04-19T13:15:04.000000Z"}, {"uuid": "2a46e748-f32c-421f-aaf0-0ad8710ecd7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28345", "type": "seen", "source": "https://t.me/cibsecurity/40846", "content": "\u203c CVE-2022-28345 \u203c\n\nThe Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T12:19:51.000000Z"}, {"uuid": "2c718a18-c57a-4f52-a13b-b175cbf73332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28345", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1940", "content": "#exploit\n+ CVE-2022-28345:\nSignal client for iOS < 5.33.2 are vulnerable to RTLO Injection URI Spoofing using malicious URLs\nhttps://sick.codes/sick-2022-42\n\n+ CVE-2021-1782:\nan iOS in-the-wild vulnerability in vouchers\nhttps://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html\n\n@BlueRedTeam", "creation_timestamp": "2022-04-15T22:53:32.000000Z"}, {"uuid": "144932fa-f056-4b8c-87ff-5b68417ca8e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28345", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5812", "content": "#exploit\n1. CVE-2022-28345:\nSignal client for iOS < 5.33.2 are vulnerable to RTLO Injection URI Spoofing using malicious URLs\nhttps://sick.codes/sick-2022-42\n\n2. CVE-2021-1782:\nan iOS in-the-wild vulnerability in vouchers\nhttps://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html", "creation_timestamp": "2022-04-15T23:44:05.000000Z"}]}