Telegram Challenges Claims of Critical Desktop App Vulnerability

Telegram has refuted claims of a vulnerability in its desktop application that could expose users to attacks
The alleged vulnerability, reported by blockchain security firm CertiK, was said to allow remote code execution via specially crafted media files
CertiK stated that the vulnerability is confined to desktop apps and mobile applications remain unaffected

Crypto messaging application Telegram has refuted desktop app vulnerability claims, assuring mobile users of safety.

ICYMI: @telegram dismissed allegations by blockchain security firm @CertiK about a high-risk vulnerability in its desktop app pic.twitter.com/fLbRiOwCxL
— BlockNews.com (@blocknewsdotcom) April 9, 2024

Telegram responds to reported desktop vulnerability

Blockchain security firm CertiK said Telegram’s desktop application has a potential high-risk Remote Code Execution (RCE) vulnerability. The firm stated that this issue exposes users to malicious attacks through specially crafted media files such as images or videos.

According to CertiK, this vulnerability could allow malicious actors to send RCE to users, potentially exposing them to attacks via specially crafted media files.

The security firm clarified that the vulnerability is confined to desktop apps which can execute programs contained within files. Mobile applications remain unaffected as they do not execute programs.

CertiK advised users to deactivate the auto-download feature on the desktop application for security purposes. Users can adjust their media download settings to manual downloads in the app’s settings.

Telegram denies vulnerability exists

In an April 9 post, Telegram stated that the trending videos were likely a hoax as there was no such vulnerability on its platform.

Nevertheless, the platform urged users to report any threat or potential vulnerabilities in its applications via its bug bounty program.

Meanwhile, a CertiK spokesperson told CryptoSlate that the firm was not in touch with Telegram and that news of the vulnerability had come from the security community. It added that the mobile version of the messaging application was secure from this vulnerability because it does not directly execute executable programs like desktops, which generally require signatures.

CertiK further stated that its social media post about the vulnerability intended to raise awareness of the potential issue and remind users of best practices.

Conclusion

While Telegram denies the reported desktop vulnerability exists, the discussion highlights the need for ongoing security awareness and vigilance by users. Responsible disclosure and confirmation of vulnerabilities is an important part of keeping crypto users safe across platforms.

Disclaimer: BlockNews provides independent reporting on crypto, blockchain, and digital finance. All content is for informational purposes only and does not constitute financial advice. Readers should do their own research before making investment decisions. Some articles may use AI tools to assist in drafting, but every piece is reviewed and edited by our editorial team of experienced crypto writers and analysts before publication.