Telegram debunks reported vulnerability in desktop app, confirms mobile security
Web3 security firm CertiK said its social media post was meant to spread awareness about the issue.
The crypto-friendly messaging app Telegram has debunked claims that a vulnerability on its platform exposed its users to attacks.
The alleged vulnerability
Blockchain security firm CertiK said on April 9 that Telegram’s desktop application has a possible high-severity Remote Code Execution (RCE) vulnerability. The firm stated:
“Possible RCE detected in Telegram’s media processing in the Telegram Desktop application. This issue exposes users to malicious attacks through specially crafted media files, such as images or videos.”
According to CertiK, this vulnerability could allow malicious actors to send RCE to users, potentially exposing them to attacks through specially crafted media files.
The security firm clarified that the vulnerability is confined to desktop apps, which can run programs contained within files. Mobile apps remain unaffected, as they do not run programs.
CertiK advised users to deactivate the auto-download feature on the desktop application for security purposes. Users can change their media download settings to manual downloads within the app’s settings.
Telegram’s response
In an April 9 post on X (formerly Twitter), Telegram stated that the trending videos were likely a hoax as there was no such vulnerability on its platform.
However, the platform advised users to report any threat or potential vulnerabilities in its apps through its bug bounty program.
Meanwhile, a CertiK spokesperson told CryptoSlate that the firm was not in touch with Telegram and that news of the vulnerability had come from the security community. It added that the mobile version of the messaging app was safe from this vulnerability because it “would not directly run executable programs like desktops, which generally require signatures.”
CertiK further stated that its social media post about the vulnerability was intended to raise awareness of the potential issue and remind users of best practices.
Source credit : cryptoslate.com