Damus
Wolf480pl · 6w
Looks like there's a bit more info on the zero-click Telegram RCE and holy shit this looks bad:

> This vulnerability allows an attacker to execute arbitrary code on a victim's device simply by sendin...
avuko

From my translation:

"The vendor states that each sticker loaded on the platform undergoes a mandatory validation procedure on its servers before being deployed to client applications. According to this official location, the centralized filtering process prevents the use of corrupt stickers as an attack vector, making it technically impossible to execute malicious code via that method."

Just a gentle reminder, by their own admission, that everything you say or send on Telegram goes through their servers in plain text.

This means that anyone with (bought or enforced) access to Telegram servers can read anything you say or send to anyone.
Wolf480pl · 5w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvf0qv9ak4qjfdr2q4r8zrh9h738s6yxel5ugq0459lkkkp8jvyds9ygd52 AFAIU that validation is when uploading a new sticker, not when using an already-defined one.

> everything you say or send on Telegram goes through their servers in plain text

where di...