A recently discovered vulnerability, tracked as CVE-2023-34658, affects the popular messaging app Telegram (version 9.6.3) on iOS devices. The flaw allows attackers to hide critical information in the user interface, potentially tricking users into providing sensitive details or taking unintended actions. This is achieved by manipulating the app's use of the SFSafariViewController class. This article covers the details of the vulnerability, with a relevant code snippet, original references, and exploit details.

Overview

Telegram is a widely used messaging app known for its privacy features and seamless communication across different platforms. However, with the discovery of CVE-2023-34658, the security of the app is now in question. Attackers can leverage this flaw to manipulate the user interface (UI) and hide critical information, such as warnings, prompts, and security indicators. Users who are unaware of this issue may unknowingly fall prey to social engineering tactics, phishing attempts, or other deceptive schemes.

Code Snippet

The vulnerability lies in how Telegram v9.6.3 on iOS uses the SFSafariViewController class. An attacker can craft a special URL that is opened through this class and use it to hide specific UI elements.

Below is an example of a malicious code snippet that highlights the UI manipulation:

import UIKit
import SafariServices

class ViewController: UIViewController {

    @IBAction func openURL(_ sender: Any) {
        guard let url = URL(string: "https://maliciouswebsite.com") else { return }
        let config = SFSafariViewController.Configuration()
        config.barCollapsingEnabled = true // Hide the top bar
        let safariVC = SFSafariViewController(url: url, configuration: config)
        present(safariVC, animated: true)
    }
}

The critical part of this code snippet is the 'barCollapsingEnabled' configuration set to 'true'. This causes the top bar of the browser view to be hidden, creating a manipulated user interface.

Original References

1. Telegram Official Website: https://telegram.org/
2. Apple Developer Documentation - SFSafariViewController: https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller
3. CVE-2023-34658 Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34658

Exploit Details

To exploit this vulnerability, an attacker needs to craft a malicious link containing the aforementioned code snippet and share it with the intended target. If the target opens the URL within the Telegram app, SFSafariViewController will be invoked, and the app's UI will be manipulated according to the attacker's preference. Because the top bar of the browser view is hidden, users may not notice the warning symbols or security indicators, making them susceptible to deceptive schemes and attacks.

Recommendations

To mitigate the risk of this vulnerability, it's essential for iOS users to update their Telegram app to the most recent version. Furthermore, users should be aware of potential phishing attempts and avoid clicking on suspicious links from unknown sources. Lastly, Telegram developers should address this issue by properly implementing their use of SFSafariViewController or removing the potentially harmful configuration options.
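
One way to apply the developer-side recommendation, shown as an added example (it is not Telegram's code or its actual fix): validate the link before handing it to SFSafariViewController, keep the top bar from collapsing, and show the destination host before opening. The names LinkCheck, checkLink and presentHardenedBrowser are hypothetical.

```swift
import UIKit
import SafariServices

// Result of validating a tapped link (hypothetical helper type).
enum LinkCheck: Equatable {
    case allowed(URL)
    case rejected(String)
}

// Decide whether a link may be shown in the in-app browser.
func checkLink(_ raw: String) -> LinkCheck {
    let trimmed = raw.trimmingCharacters(in: .whitespacesAndNewlines)
    guard let comps = URLComponents(string: trimmed),
          let scheme = comps.scheme?.lowercased(),
          let host = comps.host, !host.isEmpty else {
        return .rejected("not an absolute URL with a host")
    }
    // SFSafariViewController only supports http and https URLs.
    guard scheme == "https" || scheme == "http" else {
        return .rejected("unsupported scheme")
    }
    // user:password@ prefixes can disguise the real host in a displayed link.
    guard comps.user == nil, comps.password == nil else {
        return .rejected("embedded credentials")
    }
    guard let url = comps.url else { return .rejected("unparseable URL") }
    return .allowed(url)
}

extension UIViewController {
    // Present the in-app browser with the top bar pinned on screen.
    func presentHardenedBrowser(for raw: String) {
        guard case .allowed(let url) = checkLink(raw) else { return }
        let config = SFSafariViewController.Configuration()
        config.barCollapsingEnabled = false    // top bar and its indicators stay visible
        config.entersReaderIfAvailable = false // do not jump straight into Reader view
        let safariVC = SFSafariViewController(url: url, configuration: config)
        safariVC.dismissButtonStyle = .close
        // Show the destination host so the user confirms where the link goes.
        let alert = UIAlertController(title: "Open link?", message: url.host,
                                      preferredStyle: .alert)
        alert.addAction(UIAlertAction(title: "Cancel", style: .cancel))
        alert.addAction(UIAlertAction(title: "Open", style: .default) { [weak self] _ in
            self?.present(safariVC, animated: true)
        })
        present(alert, animated: true)
    }
}
```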

Conclusion

CVE-2023-34658 highlights the potential risk of UI manipulation in Telegram version 9.6.3 on iOS devices. By leveraging the app's use of SFSafariViewController, attackers can hide critical information and deceive users. It's crucial for Telegram developers to address this vulnerability and for users to keep their app up to date to ensure a secure and private messaging experience.

Timeline

Published on: 06/29/2023 17:15:00 UTC
Last modified on: 07/07/2023 17:11:00 UTC