45
Security researcher Michael Deplant from the Zero Day Initiative has uncovered a security flaw in Telegram, identified under the identifier ZDI-CAN-30207, with a CVSS score of 9.8 out of 10. For comparison: 10.0 is the absolute maximum. On the official scale, this is basically the most dangerous thing there is. The CVSS vector suggests the possibility of an Internet-exploitable attack that is low complexity, requires no permissions, and, worst of all, requires no user interaction. In plain language: An attacker could theoretically gain full control of the affected process without the victim even having to click on anything. Telegram was informed of the security breach but did not respond in any way.