PT-2018-13078 · Telegram · Org.Telegram.Messenger

Boonpoj Thongakaraniroj +1 · Published 2018-10-09 · Updated 2024-08-05 · CVE-2018-15542

CVSS v3.1: 6.4 Medium

Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: org.telegram.messenger application version 4.8.11

Description: The issue allows authentication bypass via runtime manipulation that forces a certain method's return value to true, enabling an attacker to authenticate with an arbitrary passcode. The vendor notes that this is not considered an attack of interest within their threat model, specifically excluding Android devices on which rooting has occurred.

Recommendations: For version 4.8.11, consider disabling the Passcode feature until a patch is available to prevent potential authentication bypass.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2018-15542

Affected Products

Org.Telegram.Messenger