CVE-2018-3986

Name of the Vulnerable Software and Affected Versions Telegram Android messaging application version 4.9.0

Description An information disclosure issue exists in the "Secret Chats" functionality, which allows users to delete chat traces. However, a bug leaves behind photos taken and shared in secret chats, even after deletion. These photos remain stored on the device and are accessible to all installed Android applications.

Recommendations For version 4.9.0, consider restricting access to the "Secret Chats" functionality until a fix is available, and manually review and delete any sensitive photos that may have been left behind.