Main Vulnerability Database SB2019091711

SB2019091711 - Security restrictions bypass in Telegram for Android

Published: September 17, 2019

Security Bulletin ID SB2019091711

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2019-16248)

The vulnerability allows an attacker to bypass certain security restrictions.

The vulnerability exists due "delete for" feature does not delete images and media files from the Telegram Images directory, removing them from the chat window only. As a result, it is possible to gain access to files that were deleted via the UI interface.

Remediation

Install update from vendor's website.

References

https://github.com/RootUp/PersonalStuff/blob/master/Telegram_Privacy.pdf
https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html
https://www.openwall.com/lists/oss-security/2019/09/09/2