ESET has discovered an Android zero-day Telegram vulnerability that allows the sending of malicious files disguised as videos.
Odaily Planet Daily Report: ESET researchers have discovered a zero-day vulnerability in the Android version of Telegram, which was sold on an underground forum post on June 6, 2024 at an unspecified price. By exploiting this vulnerability, which ESET's research team named "EvilVideo", attackers can share malicious Android payloads through Telegram channels, groups, and chats, and display them as multimedia files. The vulnerability is only applicable to Android Telegram versions 10.14.4 and earlier. After ESET's research team reported the vulnerability to Telegram, it was fixed on July 11, 2024, and Telegram released version 10.14.5 and notified ESET's research team via email.