Application security, Vulnerability Management

New critical Telegram zero-click issue threatens total device compromise

Telegram app on smartphone screen. Telegram messenger, free speech, security, privacy

Cybernews reports that Telegram for Android and Telegram Desktop for Linux have been affected by a critical zero-click vulnerability that could enable remote code execution via animated stickers.

Threat actors abusing the flaw, discovered by Trend Micro Zero Day Initiative researchers, could simply deliver animated stickers to facilitate the automated malicious code execution, reported Italy's National Cybersecurity Agency.

"Exploiting this vulnerability could give an attacker control over the device and access to sensitive data, including messages, contacts, and active sessions related to the Telegram account," said the agency.

With indicators of compromise and fixes yet to be released, organizations using Telegram Business accounts have been urged to only permit new communications from address book contacts or Premium users. Individuals using Telegram, on the other hand, have been advised to either remove Telegram from Android and Linux systems in the meantime or leverage the messaging app's web version in updated browsers.

Such a development comes after Telegram was reported by CYFIRMA researchers to have been tapped as a marketplace for malicious cyber activity.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds