Potential Vulnerability in Telegram Raises Concerns
Alleged Vulnerability on Telegram
CertiK claimed that Telegram's desktop application, particularly its media processing feature, contains a Remote Code Execution (RCE) vulnerability that exposes users to attacks through media files.
The vulnerability only affects desktop apps executing programs in files, with the mobile app remaining unaffected.
Response from Telegram
Telegram refuted CertiK's claims, unable to verify the vulnerability and suggesting it could be misinformation.
Despite this, CertiK performed an RCE attack on Telegram's latest Windows desktop version, confirming the vulnerability and advising users to remain cautious.
Recommendations
- Review Telegram settings
- Deactivate auto-download feature
This article was prepared using information from open sources in accordance with the principles of Ethical Policy. The editorial team is not responsible for absolute accuracy, as it relies on data from the sources referenced.