Blockchain security firm CertiK has issued a cautionary notice regarding a possible vulnerability detected in Telegram’s Desktop applications. This raises concerns over users’ potential exposure to malicious attacks.
However, Telegram, known for its crypto-friendly messaging platform, has refuted these claims, asserting that such a vulnerability is absent within its system.
Certik claimed that Telegram’s desktop application, specifically its media processing functionality, contained a significant Remote Code Execution (RCE) vulnerability. It allegedly exposes users to attacks through media files like images or videos.
The firm specified that the vulnerability affects only desktop apps that execute programs contained within files. However, the mobile application remains unaffected.
Telegram swiftly responded to CertiK’s claims, stating that it could not verify the vulnerability and suggesting it could be misinformation. However, CertiK demonstrated an RCE attack on Telegram’s latest Windows desktop version, reinforcing its initial claim. Consequently, it advised users to exercise caution until a complete resolution is reached.
CertiK recommends users review their Telegram settings and deactivate the auto-download feature to mitigate the vulnerability. Still, Telegram has since addressed CertiK’s renewed disclosure, citing a recent server-side fix for a similar issue. The firm clarified that the resolved vulnerability required specific user interactions and advanced conditions.
“Certik posted this after we notified them about a server-side fix for an issue which was similar to the one they initially hinted at (but required user interaction; required the user to have Python installed; and could not be triggered by automatic downloads),” Telegram said.
Telegram is a widely used messenger platform recognized for its cryptocurrency-friendly environment. The application enables users to communicate, exchange files, and conduct cryptocurrency transactions, including Bitcoin, through its custodial wallet solution.
Recently, Telegram began permitting users to buy advertisements using Toncoin (TON) and introduced a revenue-sharing program to reward channel owners.
Source: beincrypto.com