July 23, 2024 at 12:29PM
Telegram has addressed a zero-day flaw in older Android app versions, allowing attackers to hide malicious payloads in video files. ESET researchers discovered the flaw, “EvilVideo”, on a hacker forum. Exploit affected versions 10.14.4 and below. Updates to version 10.14.5 and above fix the issue. Users should update immediately to avoid compromise.
From the meeting notes, the key takeaways are:
– Telegram has patched a zero-day flaw found in older versions of its chat and media-sharing application for Android, allowing attackers to hide malicious payloads in video files.
– The flaw, dubbed “EvilVideo,” was discovered by ESET Research and works on Telegram versions 10.14.4 and older. It allowed attackers to share malicious Android payloads via Telegram channels, groups, and chat, making them appear as multimedia files.
– The exploit relies on the ability to create a payload that displays an Android app as a multimedia preview and not as a binary attachment. It was reported to Telegram, which updated versions 10.14.5 and above of its Android app to fix the issue on July 11.
– Users are advised to update their apps immediately to avoid compromise and to never download anything on their devices that they receive in messages from anyone they don’t know, especially when unsolicited.
These clear takeaways provide a summary of the security issue with the Telegram Android app and the necessary actions for users to protect themselves.