Summary
Telegram is vulnerable to a critical zero-click remote code execution flaw (ZDI-CAN-30207, CVSS 9.8) that allows attackers to take over accounts and execute code via malicious animated stickers without user interaction.
Take Action:
Until Telegram releases a patch, disable auto-download of media files (Settings -> Data and Storage -> Auto-download media), disable auto-play of media, and restrict incoming messages to known contacts (a paid feature). At a minimum, set who can find you on Telegram to nobody until this is patched. The zero-click flaw is very dangerous because it requires no action from your employees to compromise their devices.
This article was originally published on BeyondMachines