Telegram’s Windows application was recently updated to address a critical zero-day flaw that permitted the execution of Python scripts without triggering security alerts, due to a typo in processing…

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

Telegram's Windows application had a critical vulnerability that allowed the execution of Python scripts with a typo in certain file extensions. Attackers could disguise these scripts as video files and run them on user interaction. Telegram deployed a server-side fix and tagged the files with the ".untrusted" extension.

Typo Trouble: Exploring the Telegram Python RCE Vulnerability