Telegram Faces Major Security Threat With New Zero-Day Vulnerability On Android

Telegram , a popular messaging app used by millions globally, is currently facing a significant security threat due to a newly discovered vulnerability . This zero-day issue affects Telegram's Android version and allows hackers to transfer malicious files capable of compromising user devices.

Discovery and Impact

Security researchers from ESET have identified this vulnerability, dubbed ‘ EvilVideo ’. This flaw poses a substantial risk as it enables hackers to gain unauthorized access to devices by sending harmful video files through Telegram chats. The issue predominantly affects older versions of the app, specifically those before version 10.14.5. Consequently, all users are urged to update their apps immediately to protect their data and device security.

Investigation and Findings

The vulnerability was discovered by ESET researcher Lukas Stefanko while he was investigating another security issue. Online forums have been buzzing with discussions about EvilVideo, demonstrating how it can be exploited to target Telegram users through chat interactions. Given Telegram's support for channels and large file transfers, this flaw is particularly dangerous as hackers can disguise malicious files using the Telegram API.

Telegram’s Response and User Recommendations

ESET informed Telegram about the flaw on June 26. However, it took Telegram over a week to acknowledge and begin addressing the issue. The fix for this vulnerability is included in the latest version of Telegram, 10.14.5. Users are strongly advised to update their app via the Play Store immediately. To check the current version of Telegram on your device, navigate to Telegram – Settings – About, and update to the latest version if necessary.