Connie_Pena (@Connie_Pena@mstdn.social)
Welcome to Hell, - the Iranian newspaper Tehran Times greeted the American landing Subscribe: 📱 TalipoV 𝐎𝐧𝐥𝐢𝐧𝐞 🅉 on #Telegram 🇷🇺 TalipoV 𝐎𝐧𝐥𝐢𝐧𝐞 🅉 in MAX Original Post Follow TRN 👈
Show Original Post
redhotcyber (@redhotcyber@mastodon.bida.im)
Basta uno sticker su Telegram per hackerarti! L’RCE critica da 9.8 è senza patch
📌 Link all'articolo : https://www.redhotcyber.com/post/basta-uno-sticker-su-telegram-per-hackerarti-lrce-critica-da-9-8-e-senza-patch/
A cura di Carolina Vivianti
#redhotcyber #news #cybersecurity #hacking #malware #telegram #vulnerabilita #android #linux #sicurezzainformatica
Show Original Post
NoahSpencer (@NoahSpencer@mastodon.lithium03.info)
CRITICAL ALERT: #Telegram Vulnerability “ZDI-CAN-30207” Exposes Telegram Users to Zero-Click Attacks 1. Disable Auto-downloading of images and video for channels. 2. Do not open messages from strangers
Show Original Post
ahto (@ahto@tiggi.es)
I'll take a guess on what the telegram exploit is. Mostly because people seem to be concerned and there is little information and the recommendation appears to be "Disable automatic media download" but I am worried about the mixture of severity and lack of information and at least thought to speculate based on information available and what I can see.
--
Now, please do keep in mind that I have spent like 15mins on this and have hardly done anything serious but hearing "Please do this thing to prevent an exploit but I don't have details" isn't exactly ideal. I'm also jumping to some conclusions as what is exploitable
--
1. Got notified regarding to this CVE via a friend.
* CVE for Telegram - https://bsky.app/profile/redteef.bsky.social/post/3mi3ki5tip227
The main advice appears to be disable automatic media download - My assumption is that some library related to processing media appears to have some issue.
2. pmap of my running telegram process - Saw libjxl and wondered what state it was in (Refer to media attached)
3. Looked up issues related to libjxl on github - https://github.com/libjxl/libjxl/issues/4539
and https://github.com/libjxl/libjxl/issues/4539
"ibjxl JPEG XL decoder crash due to uninitialized pointer access in malformed images" - One of the screenshots output "Illegal Instruction (Core Dump)" which is sinister, this can include the CPU attempting to execute an instruction it doesn't understand and if that segment can be manipulated and potentially arbitrary code execution.
Which then also lead me to this: https://github.com/advisories/GHSA-76gx-97cq-65f5
---
Disclaimer: I can't say it is even about libjxl or related to the CVE mentioned in 1 but I can at least see an attack like so: (which gives weight to disabling media for telegram).
1. Attacker crafts a suitable image to manipulate the decoder, image contains data that can either manipulate the pointer and/or data that the segment it could point to (for reference, just enough data to get a shell or establish a connection to something else is enough)
2. Attacker sends the image on a platform where the user using this library can then decode it.
3. The image that is decoded will then be able to execute the payload - Attacker could gain control via this method.
---
While this may seem silly but please also do not hound or abuse the devs at libjxl. Last thing I want are people who are trying to do their best to fix the issues I have listed and do not control what telegram includes in their builds.
#telegram #cve #attachments #media #libjxl #psa
Show Original Post
fbinin (@fbinin@mastodon.fbin.in)
CRITICAL ALERT: Telegram Vulnerability “ZDI-CAN-30207” Exposes Users to Zero-Click Attacks
https://securityonline.info/telegram-critical-zero-click-vulnerability-zdi-can-30207/
A critical security flaw discovered by Michael DePlante (@izobashi) of the Trend Micro Zero Day Initiative (ZDI), the vulnerability—tracked as ZDI-CAN-30207—has been assigned a severity score of 9.8 on the CVSS scale.
@beyondmachines1 maybe something to cover/post?
#vulnerability #telegram #security #critical
Show Original Post
mithmeoi (@mithmeoi@mastodon.art)
I'm open for stickers too! Drop a DM if you're interested!
#telegram #stickers #furry #commissionsOpen
Show Original Post
toaster (@toaster@fluff.avery.lgbt)
The ‘IMPORTANT SECURITY ANNOUNCEMENT’ chain message about Telegram going around right now is peak Furry panic
Yes: critical vuln (9.8)
Maybe: zero-click
Confirmed: absolutely not
Based on an upcoming ZDI advisory with zero public details.
Stay calm. Update your apps.
#CyberSecurity #InfoSec #Telegram #ZeroClick #Security
Show Original Post
RomaniaTeIubesc (@RomaniaTeIubesc@mstdn.social)
Un elev de 13 ani a înjunghiat o profesoară la o școală din 🇮🇹#Italia și a transmis totul live pe 📞#Telegram.
Show Original Post
DD3AH (@DD3AH@social.darc.de)
Laut der Zero Day Initiative #ZDI hat der IM #Telegram einen sehr kritischen Sicherheitsbug. Einzelheiten sind noch nicht bekannt, außer einem hohen CVSS: 9.8
ZDI-CAN-30207
https://www.zerodayinitiative.com/advisories/upcoming/
Eine erste Bewertung hier:
https://securityonline.info/telegram-critical-zero-click-vulnerability-zdi-can-30207/
Show Original Post
muellermeier (@muellermeier@bark.lgbt)
A bunch of telegram stickers with inside jokes for friends of mine and myself.
sticker pack: https://t.me/addstickers/muellermeier
#furry #furryart #furryartwork #digitalart #muellermeier #krita #telegram #sticker #fox #corvid #eagle #raptor #joke
Show Original Post
aidoo (@aidoo@masto.es)
Alerta: estafa cripto en Telegram usa perfiles de mujeres robados y "ganancias" falsas para pedir transferencias (85–200€). Activa con anuncios en Meta; riesgo de blanqueo. https://aidoo.news/noticia/62d0Xx
#Telegram #Estafas #Fraude #ProteccionDeDatos
Show Original Post
aidoo (@aidoo@mastodon.social)
Alerta: estafa cripto en Telegram usa perfiles de mujeres robados y "ganancias" falsas para pedir transferencias (85–200€). Activa con anuncios en Meta; riesgo de blanqueo. https://aidoo.news/noticia/62d0Xx
#Telegram #Estafas #Fraude #ProteccionDeDatos
Show Original Post