- Telegram has refuted claims of a vulnerability in its desktop application that could expose users to attacks
- The alleged vulnerability, reported by blockchain security firm CertiK, was said to allow remote code execution via specially crafted media files
- CertiK stated that the vulnerability is confined to desktop apps and mobile applications remain unaffected
Crypto messaging application Telegram has refuted desktop app vulnerability claims, assuring mobile users of safety.
Telegram responds to reported desktop vulnerability
Blockchain security firm CertiK said Telegram’s desktop application has a potential high-risk Remote Code Execution (RCE) vulnerability. The firm stated that this issue exposes users to malicious attacks through specially crafted media files such as images or videos.
According to CertiK, malicious actors could use this vulnerability to achieve remote code execution on a user’s desktop client by sending specially crafted media files.
The security firm clarified that the vulnerability is confined to desktop apps, which can execute programs contained within files. Mobile applications remain unaffected as they do not execute programs.
CertiK advised users to deactivate the auto-download feature on the desktop application for security purposes. Users can adjust their media download settings to manual downloads in the app’s settings.
Telegram denies vulnerability exists
In an April 9 post, Telegram stated that the trending videos were likely a hoax as there was no such vulnerability on its platform.
Nevertheless, the platform urged users to report any threat or potential vulnerabilities in its applications via its bug bounty program.
Meanwhile, a CertiK spokesperson told CryptoSlate that the firm was not in touch with Telegram and that news of the vulnerability had come from the security community. It added that the mobile version of the messaging application was secure from this vulnerability because, unlike desktops, it does not directly execute executable programs, which generally require signatures.
CertiK further stated that its social media post about the vulnerability intended to raise awareness of the potential issue and remind users of best practices.
Conclusion
While Telegram denies the reported desktop vulnerability exists, the discussion highlights the need for ongoing security awareness and vigilance by users. Responsible disclosure and confirmation of vulnerabilities are an important part of keeping crypto users safe across platforms.