Mac OS
Telegram for macOS v4.9.155353
wtdsoul
2019. 12. 10. 15:55
https://github.com/Metnew/telegram-links-nsworkspace-open
Metnew/telegram-links-nsworkspace-open
Telegram (v4.9.155353) was rendering file:// links + opening them via NSWorkspace.open -> code execution. - Metnew/telegram-links-nsworkspace-open
github.com
Summary
In Telegram for macOS v4.9.155353 (and below) URL parsing logic in Telegram for macOS platform allows running arbitrary executables and applications URI schemes via links injected into the website's preview.