First published: Fri May 01 2020(Updated: )
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Telegram Telegram | <=6.0.1 | |
Telegram Telegram | <=6.0.1 | |
Telegram Telegram Desktop | <=2.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Telegram vulnerability is CVE-2020-12474.
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS are affected by CVE-2020-12474.
The severity level of CVE-2020-12474 is medium.
An IDN Homograph attack can be carried out in Telegram by using Punycode in a public URL or a group chat invitation URL.
It is recommended to update Telegram Desktop to version 2.0.2 or newer, Telegram for Android to version 6.0.2 or newer, and Telegram for iOS to version 6.0.2 or newer to fix CVE-2020-12474.