Description Preview
Overview
CVE-2020-12474 is a security vulnerability affecting multiple Telegram applications across different platforms. The issue stems from improper handling of Internationalized Domain Names (IDN) using Punycode. An attacker can craft URLs that appear legitimate to users but actually lead to malicious websites. This type of attack, known as an IDN Homograph attack, exploits the visual similarity between different characters in various scripts to create deceptive URLs. For example, a Cyrillic "о" might look identical to a Latin "o" but would direct users to a completely different domain. In the context of Telegram, this vulnerability could be exploited through public URLs or group chat invitation links, potentially leading users to phishing sites or other malicious content without their awareness.
Remediation
Users should update their Telegram applications to versions newer than those affected:
- Telegram Desktop: Update to version later than 2.0.1
- Telegram for Android: Update to version later than 6.0.1
- Telegram for iOS: Update to version later than 6.0.1
Additionally, users should:
- Be cautious when clicking on links in messages, even if they appear to come from trusted sources
- Verify the actual URL destination before clicking, especially for sensitive websites
- Consider using browsers or tools that highlight Punycode domains or warn about potential IDN homograph attacks
- Enable two-factor authentication for important accounts to provide an additional layer of security
System administrators should consider implementing security measures that detect and block IDN homograph attacks at the network level.
References
- https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-12474
- https://en.wikipedia.org/wiki/IDN_homograph_attack
- https://www.unicode.org/reports/tr36/tr36-11.html#Restriction_Level_Detection
- https://telegram.org/blog (Check for security updates related to this vulnerability)
Note: This vulnerability highlights the importance of proper display and validation of internationalized domain names in applications that handle URLs, especially in messaging platforms where trust is often assumed.
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- ManufacturingManufacturing
- Educational ServicesEducational Services
- Finance and InsuranceFinance and Insurance
- Health Care & Social AssistanceHealth Care & Social Assistance
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- UtilitiesUtilities
- Other Services (except Public Administration)Other Services (except Public Administration)
- Public AdministrationPublic Administration
- Accommodation & Food ServicesAccommodation & Food Services
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- ConstructionConstruction
- InformationInformation
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- MiningMining
- Real Estate Rental & LeasingReal Estate Rental & Leasing
- Retail TradeRetail Trade
- Transportation & WarehousingTransportation & Warehousing
- Wholesale TradeWholesale Trade
