Critical Zero-Click Vulnerability in Telegram Allows Remote Account Takeover

Telegram is vulnerable to a critical zero-click remote code execution flaw (ZDI-CAN-30207, CVSS 9.8) that allows attackers to take over accounts and execute code via malicious animated stickers without user interaction.

**Disable auto-download of media files Settings->Data and Storage->Auto-download media, disable auto-play of media and restrict incoming messages to known contacts (paid feature) until Telegram releases a patch. At least set who can find you on Telegram to nobody until this is patched. The zero-click flaw is very dangerous because it requires no action from your employees to compromise their devices.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-zero-click-vulnerability-in-telegram-allows-remote-account-takeover-a-b-8-c-d/gD2P6Ple2L