Critical Telegram Zero-Day Vulnerability Exposes User Accounts to Remote Hijacking
Severity: High (Score: 76.5)
Sources: Mexc, Mezha, Www1.Ru
Summary
A critical zero-day vulnerability in Telegram, discovered by researcher Michael DePlante, allows attackers to remotely hijack user accounts without any user interaction. The flaw has been assigned a CVSS score of 9.8, indicating its high risk level. It affects the confidentiality, integrity, and availability of user data and is categorized as easily exploitable over a network. Telegram has up to 120 days to release a patch, but experts anticipate an earlier response due to the severity of the issue. Users are advised to monitor for updates and implement security measures such as strong passwords and two-factor authentication. The vulnerability is identified as ZDI-CAN-30207, and no public technical details are available yet. This situation highlights the necessity for users to keep their software updated and remain vigilant against potential threats.
Key Points:
- A zero-day vulnerability in Telegram allows remote account hijacking without user action.
- The flaw has a CVSS score of 9.8, indicating a critical level of risk.
- Users are urged to update their Telegram app as soon as patches are released.
Key Entities
- Zero-Day Exploit (attack_type)
- Android (platform)
- Linux (platform)
- Telegram (platform)