Wow, the Telegram app was vulnerable (now fixed) to a Unicode-related bug where it was tricked into displaying…

Wow, the Telegram app was vulnerable (now fixed) to a Unicode-related bug where it was tricked into displaying left-to-right text as right-to-left.

Example:

Actual filename: ♦fdp.61-10-8102-NOISICED.DRAOB.EVITUC.EXE

Displayed filename: EXE.CUTIVE.BOARD.DECISION-2018-01-16.pdf

I’m sure Telegram is not unique in being vulnerable to an attack like that!

https://nakedsecurity.sophos.com/2018/02/16/telegram-instant-messaging-flaw-the-images-that-were-programs/