April 15th — Telegram recently took swift action to address a critical zero-day vulnerability that was discovered within its Windows desktop application. This vulnerability posed a significant threat, as it allowed for the automatic launch of Python scripts.
It’s all in the details…
Initially, rumors circulated regarding a potential remote code execution (RCE) flaw within Telegram for Windows. While some reports suggested that it was a zero-click vulnerability, further investigation revealed that users needed to interact with the malware to trigger the exploit. Telegram refuted initial claims, labeling them as hoaxes.
However, subsequent developments proved Telegram wrong. A proof-of-concept exploit surfaced, indicating that a typo in the Telegram source code facilitated the execution of Python scripts without triggering security warnings.
Telegram’s response
Telegram acknowledged the issue and swiftly implemented a server-side fix to prevent Python scripts from auto-launching. In contrast with earlier announcements, Telegram noted that this vulnerability did affect some users with specific configurations. The server-side fix ensured that all versions of Telegram Desktop were safeguarded against the exploit.
The vulnerability stemmed from Telegram’s handling of file extensions. The app displayed security warnings for known risky file types, but unknown file types were launched automatically, with the outcome left to the operating system’s default behavior.
To mitigate this, Telegram corrected the extension spelling in its source code. Additionally, a temporary server-side fix was applied, appending the ‘.untrusted’ extension to Python files. This alteration prompts users to select a program for opening the file, enhancing security until a permanent solution is implemented.
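The failure mode described above, as an added example that is not Telegram's code: a warn-on-known-risky denylist fails open when one entry is misspelled, while an allowlist of types considered safe to open fails closed. The extension lists, the function names and the misspelled entry are constructed for illustration; the page does not say which entry was mistyped.

```python
import os

# Constructed lists, not Telegram's. "pywz" stands in for a mistyped "pyzw".
RISKY_WITH_TYPO = {"exe", "bat", "cmd", "py", "pyw", "pywz"}
RISKY_FIXED = {"exe", "bat", "cmd", "py", "pyw", "pyzw"}
SAFE_TO_OPEN = {"txt", "png", "jpg", "pdf"}


def extension(name):
    """Return the final extension, lower-cased, without the dot."""
    return os.path.splitext(name.lower())[1].lstrip(".")


def denylist_decision(name, risky):
    """Warn only for listed extensions; everything else goes to the OS handler."""
    return "warn" if extension(name) in risky else "os_default"


def allowlist_decision(name, safe=SAFE_TO_OPEN):
    """Hand only listed extensions to the OS handler; warn for everything else."""
    return "os_default" if extension(name) in safe else "warn"


def quarantine_name(name):
    """Interim mitigation from the article: append '.untrusted' to the file name."""
    return name + ".untrusted"


if __name__ == "__main__":
    sample = "clip.pyzw"  # constructed file name
    print("denylist with typo :", denylist_decision(sample, RISKY_WITH_TYPO))
    print("denylist corrected :", denylist_decision(sample, RISKY_FIXED))
    print("allowlist          :", allowlist_decision(sample))
    renamed = quarantine_name(sample)
    print("after rename       :", renamed, "->", extension(renamed))
```

After the rename the final extension is `untrusted`, which has no registered handler, so the operating system asks the user to pick a program instead of running the file.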
Telegram’s next steps
Future iterations of Telegram’s desktop app will feature improved security measures, including warning messages for potentially harmful file types. These proactive steps underscore Telegram’s commitment to prioritizing user safety and maintaining the integrity of its platform.