Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
Telegram clarifies reported weakness in desktop application, affirms mobile security measures.
The crypto-friendly messaging platform Telegram has refuted assertions that a flaw in its system has put its users at risk of attacks.
The purported vulnerability
Blockchain security company CertiK announced on April 9 that Telegram’s desktop application has a possible high-risk Remote Code Execution (RCE) vulnerability. The firm remarked:
“Possible RCE detected in Telegram’s media processing in the Telegram Desktop application. This issue exposes users to malicious attacks through specially crafted media files, such as images or videos.”
As per CertiK, this vulnerability could enable malicious individuals to deliver RCE to users, potentially putting them at risk through specially crafted media files.
The security firm clarified that the vulnerability is limited to desktop applications, which can run programs embedded within files. Mobile applications are not impacted, as they do not run programs.
Related Posts
CertiK recommended that users disable the auto-download feature on the desktop application for security reasons. Users can modify their media download preferences to manual downloads in the app’s settings.
Telegram’s reply
In an April 9 message on X (formerly Twitter), Telegram indicated that the trending videos were likely a fabrication, asserting that no such vulnerability exists on its platform.
Nonetheless, the platform encouraged users to report any threats or potential vulnerabilities in its applications through its bug bounty program.
Meanwhile, a CertiK representative informed CryptoSlate that the firm had not communicated with Telegram and that the information regarding the vulnerability originated from the security community. It added that the mobile version of the messaging application is secure from this vulnerability because it “does not directly execute executable programs like desktops, which generally require signatures.”
CertiK further mentioned that its social media announcement about the vulnerability aimed to raise awareness of the potential issue and remind users of best practices.
The post Telegram debunks reported vulnerability in desktop app, confirms mobile security appeared first on CryptoSlate.
