One sticker could have exposed your Telegram secret chats

One sticker could have exposed your Telegram secret chats

The flaw originated in the way the app handled animated stickers and how the Telegram secret chat functionality operated.


Italian cybersecurity firm Shielder disclosed the now-patched flaw identified in the Telegram messaging app. The flaw could have exposed photos, videos, and secret messages of Telegram users to remote threat actors. 


The issues were discovered in Telegram’s Android, iOS, and macOS versions, which were addressed in a series of patches released between Sept 30 and Oct 2 last year. Shielder revealed the bugs publicly after 90 days to allow users to update their devices.


SEE: Court docs show FBI can unlock iPhones, access Signal messages


A Case of Flawed Stickers


The flaw originated in the way the Telegram app handled animated stickers and how the secret chat functionality operated. Attackers could exploit the flaw to send malicious stickers to users for obtaining access to photos/videos/chats.


It is important to note that both classic and secret chat messages were vulnerable to exposure.

About the Flaws


According to the report published by Shielder’s vulnerability researcher ‘Polict,’ the flaws were identified while skimming through the app’s Android app code back in Jan 2020, when Telegram had introduced animated stickers.


In total, 13 vulnerabilities were identified, including one heap out-of-bounds write, one stack out-of-bounds write, one stack out-of-bounds read, two heaps out-of-bound read, one integer overflow that led to heap out-of-bounds read, two type confusions, and five denial-of-service.


Which Telegram Versions were Patched


Abiding by the responsible disclosure policy, the flaws were reported to Telegram. Th ..

Support the originator by clicking the read the rest link below.