{"id":75545,"date":"2024-04-09T10:22:01","date_gmt":"2024-04-09T14:22:01","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=75545"},"modified":"2024-04-09T10:22:04","modified_gmt":"2024-04-09T14:22:04","slug":"certik-warns-users-against-high-risk-telegram-vulnerability","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/certik-warns-users-against-high-risk-telegram-vulnerability\/","title":{"rendered":"CertiK Warns Users Against \u2018High-risk\u2019 Telegram Vulnerability"},"content":{"rendered":"\n

In fresh research, the blockchain security company CertiK claims that Telegram Messenger<\/a> users are vulnerable to malicious attacks due to a significant vulnerability.<\/p>\n\n\n\n

\"CertiK
CertiK Warns Users Against \u2018High-risk\u2019 Telegram Vulnerability <\/figcaption><\/figure>\n\n\n\n

On April 9, CertiK Alert used the social media platform X to alert users to a “high-risk vulnerability in the wild” that might enable hackers to use Telegram's media processing to launch a remote code execution (RCE) attack.<\/p>\n\n\n\n

The post claims that a “possible RCE” exploit in Telegram's media processing in the Telegram Desktop application has been found by CertiK's team.<\/p>\n\n\n\n

“This vulnerability puts users at risk of malicious attacks via carefully crafted media files, like pictures or videos,” stated CertiK.<\/p>\n\n\n\n

Users should verify their Telegram Desktop configuration and turn off the auto-download option to prevent the vulnerability. You can turn off the feature by selecting “Advanced” from the “Settings” menu.<\/p>\n\n\n\n

\"Source:
Source:\u00a0CertiK\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a><\/figcaption><\/figure>\n\n\n\n

“Disable auto-download for photos, videos, and files across all chat types (private chats, groups, and channels) under the ‘Automatic Media Download' section,” said CertiK.<\/p>\n\n\n\n

At the time of publication, Cointelegraph had not heard back from CertiK or Telegram regarding the new vulnerability in Telegram.<\/p>\n\n\n\n

With its custodial wallet solution, Wallet, users may transact cryptocurrencies like Bitcoin and Toncoin<\/a> (TON) and communicate with each other using Telegram, a popular chat that supports cryptocurrencies.<\/p>\n\n\n\n

“Custodial” refers to Wallet placing the assets in its own custody rather than providing users with the private key by default to shield novices in the market from assuming self-custody obligations.<\/p>\n\n\n\n

Telegram has had vulnerabilities before, this being only the most recent one. A Google engineer, Dan Reva discovered a severe flaw in 2023 that would let intruders turn on the microphone and camera on macOS laptops.<\/p>\n\n\n\n

\"\"
Source:\u00a0Dan Rehah<\/use><\/svg><\/span><\/a><\/figcaption><\/figure>\n\n\n\n

A security researcher from Shielder found a similar media-related problem on Telegram in 2021. This bug allowed attackers to send animated stickers that were altered, potentially exposing the victims' data.<\/p>\n\n\n\n

However, Telegram has been aggressively patching any holes in its program. Since its launch in 2014, Telegram's bug bounty program<\/a> has allowed developers and security researchers to submit reports and potentially earn prizes of up to $100,000, depending on the severity of the issue.<\/p>\n","protected":false},"excerpt":{"rendered":"

In fresh research, the blockchain security company CertiK claims that Telegram Messenger users are vulnerable to malicious attacks due to a significant vulnerability. On April 9, CertiK Alert used the social media platform X to alert users to a “high-risk vulnerability in the wild” that might enable hackers to use Telegram’s media processing to launch […]<\/p>\n","protected":false},"author":12,"featured_media":65479,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[6357,5817,6700,11865],"class_list":["post-75545","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-certik","tag-hack-2","tag-vulnerability","tag-telegram-2"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2023\/11\/image-103.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/75545","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=75545"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/75545\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/65479"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=75545"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=75545"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=75545"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}