all InfoSec news
Typo Trouble: Exploring the Telegram Python RCE Vulnerability
InfoSec Write-ups - Medium infosecwriteups.com
Telegram’s Windows application was recently updated to address a critical zero-day flaw that permitted the execution of Python scripts without triggering security alerts, due to a typo in processing certain file extensions.
This vulnerability first surfaced on online forums later proof of concept shared on the XSS forum. The issue centered around Python “.pyzw” files which, due to a typo let attackers to evaded Telegram’s security protocols and ran immediately upon user interaction, provided Python was present on the device. …
address alerts application concept critical cybersecurity extensions file flaw forum forums hacking issue proof python python scripts rce scripts security security alerts technology technology news telegram typo vulnerability windows xss zero-day zero-day flaw