File Access and Recording Vulnerability in Telegram by Telegram
CVE-2023-26818

5.5MEDIUM

Key Information:

Vendor: Telegram
Status: Telegram
Vendor: CVE Published:; 19 May 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-26818?

Telegram versions 9.3.1 and 9.4.0 have a vulnerability that allows attackers to exploit the DYLD_INSERT_LIBRARIES flag, leading to unauthorized access to restricted files as well as potential microphone and video recording capabilities. This weakness poses serious privacy risks, enabling malicious actors to bypass expected access controls.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-26818
Created by Zeyad-Azima

References

http://telegram.com

https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypa...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Aug 30, 2023
👾
Exploit known to exist
Aug 30, 2023
Vulnerability published
May 19, 2023
Vulnerability Reserved
Feb 27, 2023

JSON