Zero-day vulnerability in Telegram

[faniebraai]

In October 2017, we learned of a vulnerability in Telegram Messenger’s Windows client that was being exploited in the wild. It involves the use of a classic right-to-left override attack when a user sends files over the messenger service.

Right-to-left override in a nutshell
The special nonprinting right-to-left override (RLO) character is used to reverse the order of the characters that come after that character in the string. In the Unicode character table, it is represented as ‘U+202E’; one area of legitimate use is when typing Arabic text. In an attack, this character can be used to mislead the victim. It is usually used when displaying the name and extension of an executable file: a piece of software vulnerable to this sort of attack will display the filename incompletely or in reverse.

Source: https://securelist.com/zero-day-vulnerability-in-telegram/83800/

 

[ScottulusMaximus]

/inb4 Whatsapp

Wait...

 

[faniebraai]

View attachment 498485
View attachment 498487

 

[backstreetboy]

Can't wait for Allo to get email support.

 

[The_Librarian]

jihadists gonna pwn themselves?

 

[Solitude]

I wonder who invited me to make use of Telegram.

/points at Fanie

 

[faniebraai]

I wonder who invited me to make use of Telegram.

/points at Fanie

don't open any images I send you as a file

 

[The_Librarian]

faniebrarie causes issues for his friends

 

[sajunky]

Invalid attachment as for now. Problem with faniebrarie is solved.