点击蓝字 关注我们
免责声明
由于传播、利用本公众号"隼目安全"所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,公众号"隼目安全"及作者不为此承担任何责任,一旦造成后果请自行承担!如有侵权烦请告知,我们会立即删除并致歉谢谢!
此前
Telegram 公众号:隼目安全
该事件Telegram官方已给出答复
原文内容:
All versions of Telegram are safe.
Rumors about the existence of zero-click vulnerabilities in Telegram Desktop are inaccurate. Some "experts" recommended to "disable automatic downloads" on Telegram — there were no issues which could have been triggered by automatic downloads.
However, on Telegram Desktop, there was an issue that required the user to CLICK on a malicious file while having the Python interpreter installed on their computer. Contrary to earlier reports, this was not a zero-click vulnerability and it could affect only a tiny fraction of our user base: less than 0.01% of our users have Python installed and use the relevant version of Telegram for Desktop.
A server-side fix has been applied to ensure that even this issue no longer reproduces, so all versions of Telegram Desktop (including all older ones) no longer have this issue.
原文翻译:
Telegram的所有版本都是安全的。
Telegram Desktop中存在零点击漏洞的传闻是不准确的。一些“专家”建议在Telegram上“禁用自动下载”——自动下载并没有引发任何问题。
然而,在Telegram Desktop上,存在一个问题,要求用户在安装Python解释器时单击恶意文件。与之前的报道相反,这不是一个零点击漏洞,它可能只会影响我们的一小部分用户群:只有不到0.01%的用户安装了Python并使用Telegram for Desktop的相关版本。
已应用服务器端修复程序,以确保即使此问题也不再重现,因此所有版本的Telegram Desktop(包括所有较旧版本)都不再存在此问题。
原文链接:https://x.com/telegram/status/1779911889285153045?t=vi8ILG3F5bPfS5jYOZ8YNg&s=35
对此不做过多赘述
原文始发于微信公众号(隼目安全):【漏洞情报】关于此前Telegram的0day事件
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论