PT-2020-13134 · Telegram+1 · Telegram Desktop+3

Vijay Tikudave · Published 2020-04-30 · Updated 2021-07-21 · CVE-2020-12474

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Telegram Desktop versions 2.0.1 and earlier
Telegram for Android versions 6.0.1 and earlier
Telegram for iOS versions 6.0.1 and earlier

Description

The issue allows an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL. This could potentially lead to phishing attacks or other malicious activities by tricking users into visiting fake websites that appear legitimate due to the homograph attack.

Recommendations

For Telegram Desktop version 2.0.1 and earlier, update to a version later than 2.0.1. For Telegram for Android version 6.0.1 and earlier, update to a version later than 6.0.1. For Telegram for iOS version 6.0.1 and earlier, update to a version later than 6.0.1. As a temporary workaround, consider avoiding clicking on public URLs or group chat invitation URLs from untrusted sources until a patch is available.
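
A defender-side check for the attack class described above, as an added example that is not part of the advisory or of Telegram's code: it decodes Punycode (`xn--`) labels in a URL's hostname, reports the scripts in each label, and compares a de-confused "skeleton" against hosts the user expects. The `LOOKALIKES` table, the `trusted_hosts` parameter and all function names are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Small illustrative subset of Cyrillic letters that render like Latin ones.
# A production check would use the full Unicode confusables data (UTS #39).
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0455": "s", "\u0456": "i"}

def decode_label(label):
    """Return the Unicode form of one DNS label (ACE 'xn--' labels decoded)."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label  # malformed ACE label: leave it untouched
    return label

def scripts(text):
    """Script names (first word of the Unicode character name) of the letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}

def inspect_url(url, trusted_hosts=("example.com",)):
    """Classify a URL's hostname for IDN homograph risk."""
    host = (urlsplit(url).hostname or "").lower()
    labels = [decode_label(l) for l in host.split(".")]
    unicode_host = ".".join(labels)
    # Raw Punycode re-encoding (no nameprep); enough for lowercase input.
    ascii_host = ".".join(
        l if l.isascii() else "xn--" + l.encode("punycode").decode("ascii")
        for l in labels)
    skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in unicode_host)
    imitates = skeleton != unicode_host and skeleton in trusted_hosts
    return {
        "ascii_host": ascii_host,      # unambiguous form to display or log
        "unicode_host": unicode_host,  # what a renderer may show the user
        "is_idn": not unicode_host.isascii(),
        "mixed_script": any(len(scripts(l)) > 1 for l in labels),
        "imitates": skeleton if imitates else None,
    }
```

A whole-script lookalike (every letter of the label from one non-Latin script) passes the mixed-script test, which is why the skeleton comparison is reported separately.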

Related Identifiers

ALT-PU-2020-1897
ALT-PU-2020-1965
CVE-2020-12474

Affected Products

Alt Linux
Telegram Desktop
Telegram for Android
Telegram for iOS