CVE-2023-26818

[ediah]

Hello.
So, you need to create/modify the Telegram launch file to perform this attack, in addition to downloading the malicious library to the victim's computer. Or run from the console with the environment variable set.

1. How often does an ordinary user launch applications not through a shortcut but through the console and even setting a variable with the path to someone's malicious library?
2. If you have enough access to do this, why even bother?

[danrevah]

It’s indeed a LPE vulnerability, but it affects users who are already are using Telegram, and had granted some privacy permissions to it during regular usage (voice messages, video call, ..). As even if you’re root you couldn’t access Mic or Camera, using vulnerable third-party library might allow you to gain more access. I might add some clarification to the blog post.

…

On Tue, 16 May 2023 at 9:48 Dmitriy Smirnov ***@***.***> wrote: Hello. So, you need to create/modify the Telegram launch file to perform this attack, in addition to downloading the malicious library to the victim's computer. Or run from the console with the environment variable set. 1. How often does an ordinary user launch applications not through a shortcut but through the console and even setting a variable with the path to someone's malicious library? 2. If you have enough access to do this, why even bother? <https://apple.stackexchange.com/questions/326362/how-to-take-photo-using-terminal> — Reply to this email directly, view it on GitHub <#1>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AB3SNZTBQKR43WB6AIWMCP3XGMPL5ANCNFSM6AAAAAAYDFQZS4> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[ediah]

I still don't understand the practicality of the attack vector. Could you describe it in more detail? This attack requires access to the victim's computer, am I right? But then why do you need this Telegram at all?