Summary: A vulnerability in Cloudflare’s content delivery network (CDN) can expose users’ locations through images sent via apps like Signal and Discord. Discovered by a 15-year-old researcher named Daniel, this flaw allows attackers to deanonymize targets within a 250-mile radius using either one-click or zero-click methods. Despite Cloudflare’s mitigation efforts, the issue persists, posing risks to individuals needing to protect their location.
Threat Actor: Unknown | unknown
Victim: Individuals using affected apps | individuals using affected apps
Keypoints :
- A flaw in Cloudflare’s CDN can expose users’ locations through images sent on messaging platforms.
- Attackers can exploit this vulnerability using one-click or zero-click methods, deanonymizing targets without their knowledge.
- Despite Cloudflare’s response to fix a related bug, the vulnerability remains, affecting any app using a CDN for content delivery.