Envoy 1.27.4 (CVE-2024-30255) https://github.com/envoyproxy/envoy/releases/tag/v1.27.4

cc lukegb (he/him) (build is already kind of broken and only work thanks to caching of the deps :/ )

The security researchers at exploit.org claimed they've found an RCE in Telegram Desktop's latest version (seems 4.16.1 at least), and updated a demonstration video targeting Windows build. Someone in the comment claimed they could not trigger the PoC in 4.16.4.

Original message:

Link: https://t.me/exploitorg/30

The security researchers at exploit.org claimed they've found an RCE in Telegram Desktop's latest version (seems 4.16.1 at least), and updated a demonstration video targeting Windows build. Someone in the comment claimed they could not trigger the PoC in 4.16.4.

Original message:

SECURITY ALERT ⚠️

Possible RCE was detected in Telegram's media processing in Telegram Desktop application.
This issue expose users to malicious attacks through specially crafted media files, such as images or videos.

For security reasons disable auto-download feature. Please follow these steps:
1. Go to Settings.
2. Tap on "Advanced".
3. Under the "Automatic Media Download" section, disable auto-download for "Photos", "Videos", and "Files" across all chat types (Private chats, groups, and channels).

We are currently investigating this vulnerability.

Link: https://t.me/exploitorg/30

The security researchers at exploit.org claimed they've found an RCE in Telegram Desktop's latest version (seems 4.16.1 at least), and updated a demonstration video targeting Windows build. Someone in the comment claimed they could not trigger the PoC in 4.16.4.

Currently 23.11 and unstable branch has 4.16.1, and master was updated to 4.16.4 yesterday.

Original message:

SECURITY ALERT ⚠️

Possible RCE was detected in Telegram's media processing in Telegram Desktop application.
This issue expose users to malicious attacks through specially crafted media files, such as images or videos.

For security reasons disable auto-download feature. Please follow these steps:
1. Go to Settings.
2. Tap on "Advanced".
3. Under the "Automatic Media Download" section, disable auto-download for "Photos", "Videos", and "Files" across all chat types (Private chats, groups, and channels).

We are currently investigating this vulnerability.

Link: https://t.me/exploitorg/30

The security researchers at exploit.org claimed they've found an RCE in Telegram Desktop's latest version (seems 4.16.1 at least), and updated a demonstration video targeting Windows build. Someone in the comment claimed they could not trigger the PoC in 4.16.4.

Currently 23.11 and unstable branch has 4.16.1, and master was updated to 4.16.4 yesterday.

Original message:

SECURITY ALERT ⚠️

Possible RCE was detected in Telegram's media processing in Telegram Desktop application.
This issue expose users to malicious attacks through specially crafted media files, such as images or videos.

For security reasons disable auto-download feature. Please follow these steps:
1. Go to Settings.
2. Tap on "Advanced".
3. Under the "Automatic Media Download" section, disable auto-download for "Photos", "Videos", and "Files" across all chat types (Private chats, groups, and channels).

We are currently investigating this vulnerability.

Link: https://t.me/exploitorg/30

Edit: telegram official said they could not find the vulnerability and the demonstration video is likely staged. https://twitter.com/telegram/status/1777677055837995151