Telegram debunks reported vulnerability in desktop app, confirms mobile security
Telegram debunks reported vulnerability in desktop app, confirms mobile security Telegram debunks reported vulnerability in desktop app, confirms mobile security
Web3 security agency CertiK acknowledged its social media put up was to spread awareness in regards to the mission.
Duvet art work/illustration through CryptoSlate. Image contains mixed shriek material that would come with AI-generated shriek material.
The crypto-friendly messaging application Telegram has debunked claims that a vulnerability on its platform uncovered its customers to attacks.
The alleged vulnerability
Blockchain security agency CertiK acknowledged on April 9 that Telegram’s desktop application has a doable high-wretchedness A long way away Code Execution (RCE) vulnerability. The agency stated:
“That you just are going to be in a region to think RCE detected in Telegram’s media processing within the Telegram Desktop application. This mission exposes customers to malicious attacks thru specially crafted media files, similar to photos or videos.”
Per CertiK, this vulnerability might maybe moreover allow malicious actors to send RCE to customers, likely exposing them to attacks through specially crafted media files.
The safety agency clarified that the vulnerability is confined to desktop apps, which would maybe draw capabilities contained within files. Mobile capabilities remain unaffected, as they compose no longer draw capabilities.
CertiK informed customers to deactivate the auto-acquire characteristic on the desktop application for security applications. Users can alter their media acquire settings to manual downloads within the app’s settings.
Telegram’s response
In an April 9 put up on X (beforehand Twitter), Telegram stated that the trending videos were likely a hoax as there was no such vulnerability on its platform.
However, the platform informed customers to document any menace or doable vulnerabilities in its capabilities through its malicious program bounty program.
Meanwhile, a CertiK spokesperson urged CryptoSlate that the agency was no longer eager with Telegram and that recordsdata of the vulnerability had advance from the protection neighborhood. It added that the mobile version of the messaging application was stable from this vulnerability because it “would one way or the opposite draw executable capabilities admire desktops, which in general require signatures.”
CertiK extra stated that its social media put up in regards to the vulnerability supposed to raise awareness of the capability mission and remind customers of simplest practices.
Talked about in this text
Oluwapelumi Adejumo
Oluwapelumi values Bitcoin's doable. He imparts insights on a vary of topics admire DeFi, hacks, mining and tradition, underlining transformative vitality.
Assad Jafri
AJ, a passionate journalist since Yemen's 2011 Arab Spring, has honed his skills worldwide for over a decade. That specialize in monetary journalism, he now specializes in crypto reporting.
Most in vogue Alpha Market Document
Most in vogue Press Releases
Listed right here
CertiK
Based in 2018 by professors of Yale College and Columbia College, CertiK is a pioneer in blockchain security, the exhaust of simplest-in-class AI technology to stable and notice blockchain protocols and inspiring contracts.
Featured Story
Advertise Here
Source credit : cryptoslate.com
