Currencies38120
Market Cap$ 2.25T+1.25%
24h Spot Volume$ 33.72B-10.2%
DominanceBTC56.31%+0.59%ETH9.36%-0.62%
ETH Gas0.07 Gwei
Cryptorank
/

CertiK discovers a high-risk vulnerability on Telegram


CertiK discovers a high-risk vulnerability on Telegram

Share:

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Blockchain security firm CertiK has released a new report showing that there is a new vulnerability on Telegram Messenger that is exposing users to malicious attacks. In its post on X, the security firm mentioned the vulnerability that hackers could use to deploy a remote code execution (RCE) attack through Telegram’s media processing.

CertiK details Telegram’s desktop application’s vulnerability

The post clarified that hackers could take advantage of media processing on Telegram’s desktop application, thereby deploying the RCE attack. CertiK noted that users could be exposed to these malicious attacks through specially made media files. “This issue exposes users to malicious attacks through specially crafted media files, such as images or videos,” CertiK said.

According to a CertiK spokesperson, the said vulnerability is limited to only the desktop application. He notes that the mobile application does not carry out executable programs directly unlike the desktop that requires signatures. The spokesperson also noted that it was the security community that discovered the issue. To avoid the vulnerability, CertiK urged users to disable the auto-download feature in the desktop configuration of their Telegram application.

Users can disable the auto-download feature by clicking on ‘Settings’ and then selecting ‘Advance’. After the automatic media download option pops up, they can toggle the disable button across all media files.

Response and measures to address vulnerabilities

Telegram is a messenger application that has enjoyed quite a success since its launch. The crypto-friendly application allows users to exchange messages, pictures, videos, and digital assets like Bitcoin and Toncoin. It allows users to carry out these crypto-related activities through the use of its custodial wallet called Wallet. The platform holds a custodial wallet to help crypto newbies who are still green when it comes to self-custody.

Telegram swiftly replied to the update on X, noting that the said vulnerability is nonexistent. “We can’t confirm that such a vulnerability exists. This video is likely a hoax,” the messaging app said.

However, it is not the first time that a vulnerability has been reported on the platform. In 2023, Google engineer Dan Reva discovered a bug that could aid hackers in activating the cameras and microphone on macOS laptops.

Telegram has also been working tirelessly to discover and address vulnerabilities on its platform. The messaging app has a bug bounty program that has been running since 2014 offering researchers and developers opportunities to earn rewards of up to $100,000 for discovering issues on the app. Moreover, the app has urged anyone who discovers issues on the app to report them. “Anyone can report potential vulnerabilities in our apps and get a reward,” Telegram said.

Read the article at CryptoPolitan

In This News

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

In This News

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

Read More

Arbitrum jumps 19% benefitting from Robinhood's $568 million onchain trading frenzy

Arbitrum jumps 19% benefitting from Robinhood's $568 million onchain trading frenzy

The brokerage's new blockchain is off to a fast start, with memecoin trading boosting...
Over 15 Banks Race to Tokenize Finance, and It Could Affect Bitcoin

Over 15 Banks Race to Tokenize Finance, and It Could Affect Bitcoin

In Brief More than 15 banks are tokenizing finance on private blockchains, challengi...