First published: Thu Jan 03 2019
An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct request. There is a bug in this functionality that leaves behind photos taken and shared in secret chats, even after the chats are deleted. These photos will be stored on the device and accessible to all applications installed on the Android device.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Telegram Telegram | =4.9.0 | |
CVE-2018-3986 is an information disclosure vulnerability in the Secret Chats functionality of the Telegram Android messaging application version 4.9.0.
CVE-2018-3986 has a severity rating of 5.5, which is considered medium.
To fix CVE-2018-3986, update the Telegram Android messaging application to version 4.9.1 or higher.
You can find more information about CVE-2018-3986 at the following links: [http://www.securityfocus.com/bid/106295](http://www.securityfocus.com/bid/106295) and [https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0654](https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0654).