Telegram 4.7.1 Crash PoC / Remote Crash Exploit

2018.01.30
ir Ashiyane Digital Security Team (IR) ir
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

########################################################### # Exploit Title : Telegram 4.7.1 Crash PoC / Remote Crash Exploit # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage: Telegram.org # Version : 4.7.1 # Test ON : Iphone7 - IOS 11.2.5 # Date : 2018 29 January # Category : Software # MY HOME : Ashiyane.org - Seravo.ir # Software Link : https://itunes.apple.com/app/telegram-messenger/id686449807 # References : https://www.youtube.com/watch?v=LrHBDFArWjo ########################################################### # Researched by Ashiyane Digital Security Team # Discovery Status : 2018 29 January # Exploitation Technique : Local # Security Level : High # Technical Details & Description # 1. open your Telegram / create group / # 2. Click on Attachment icon # 3. We take a picture until it crashes # 4. Open Your Telegram > Crash Message View # 5. Crash video: https://www.youtube.com/watch?v=LrHBDFArWjo # 6. Crash Poc : http://up.ashiyane.org/images/fj99l4vbctqzdlsnl9ek.jpg ;) ################################################ # Discovered By : Hassan Shakeri # Twitter : @ShakeriHassan - Fb.com/General.BlackHat - Me@Seravo.ir ###########################################################

References:

https://www.youtube.com/watch?v=LrHBDFArWjo
https://itunes.apple.com/app/telegram-messenger/id686449807


See this note in RAW Version
Vote for this issue:
87%
13%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top