Telegram Addresses Serious Android Zero-Day Vulnerability with New Patch

Tuesday, 23 July 2024, 01:36

Telegram has recently patched a serious zero-day vulnerability that affected its Android app, allowing attackers to send malicious APK files disguised as video files. Identified by cybersecurity firm ESET as 'EvilVideo', this exploit enabled harmful content to automatically download onto users' devices, posing significant security risks. The vulnerability affected Android Telegram versions up to 10.14.4 and has been successfully addressed in the latest version 10.14.5. Users are urged to update their apps to mitigate potential threats.

Gigazine — Telegram Addresses Serious Android Zero-Day Vulnerability with New Patch

Telegram Zero-Day Vulnerability Exploited

On June 26, 2024, cybersecurity firm ESET discovered a critical zero-day vulnerability in the Telegram Android app.

Understanding the EvilVideo Exploit

This vulnerability, termed EvilVideo, allowed attackers to attach malicious APK files disguised as video files in chats.

Specifically, the exploit impacted Android Telegram versions 10.14.4 and earlier. Here’s how it works:

The malicious payload appears as a 30-second video.
Automatically downloaded files could compromise user devices.
Opening the file prompts users to install a malicious app.

Response and Mitigation

Upon discovering the exploit, ESET promptly reported the vulnerability to Telegram. As a result, Telegram released version 10.14.5 on July 11, 2024, which now properly identifies APK files.

Users are advised to regularly update their applications to ensure they are protected against such vulnerabilities.

This article was prepared using information from open sources in accordance with the principles of Ethical Policy. The editorial team is not responsible for absolute accuracy, as it relies on data from the sources referenced.

Telegram Zero-Day Vulnerability Exploited

Understanding the EvilVideo Exploit

Response and Mitigation

Related posts