The technology website Blue Dot Network published an article on the X platform stating that the instant messaging tool Telegram has a high-risk security vulnerability. Attackers only need to send specially crafted pictures, videos or files to users to trigger the vulnerability without interaction. This vulnerability belongs to the category of 0day and 0click vulnerabilities, and the degree of harm is extremely high. It is recommended that users immediately turn off the automatic download function.
In response to this, Yu Xian, the founder of SlowMist, said that he could not be 100% sure whether it was a vulnerability or a 0day, and some of the sources of the information were unclear, and there was suspicion of title party. He also said that many chat tools have similar mechanisms for automatic downloads, and the key is whether the automatic download will automatically trigger malicious exploits.