Telegram debunks reported vulnerability in desktop app, confirms mobile security

5 months ago

The crypto-friendly messaging app Telegram has debunked claims that a vulnerability on its platform exposed its users to attacks.

The alleged vulnerability

Blockchain security firm CertiK said on April 9 that Telegram’s desktop application has a possible high-risk Remote Code Execution (RCE) vulnerability. The firm stated:

“Possible RCE detected in Telegram’s media processing in the Telegram Desktop application. This issue exposes users to malicious attacks through specially crafted media files, such as images or videos.”

According to CertiK, this vulnerability could let malicious actors direct RCE at users, possibly exposing them to attacks via specially crafted media files.

The security firm clarified that the vulnerability is confined to desktop apps, which can execute programs contained within files. Mobile applications remain unaffected, as they do not execute programs.

CertiK advised users to deactivate the auto-download feature on the desktop application for security purposes. Users can set their media download settings to manual downloads in the app’s settings.

Telegram’s response

In an April 9 post on X (formerly Twitter), Telegram stated that the trending videos were likely a hoax as there was no such vulnerability on its platform.

Nevertheless, the platform urged users to report any threat or potential vulnerabilities in its applications via its bug bounty program.

Meanwhile, a CertiK spokesperson told CryptoSlate that the firm was not in contact with Telegram and that news of the vulnerability had come from the security community. It added that the mobile version of the messaging application was secure from this vulnerability because it “does not directly execute executable programs like desktops, which generally require signatures.”

CertiK further stated that its social media post about the vulnerability intended to raise awareness of the potential issue and remind users of best practices.

The post Telegram debunks reported vulnerability in desktop app, confirms mobile security appeared first on CryptoSlate.
