April 19, 2024
High-Risk Telegram Vulnerability Exposes Users, CertiK Alert


A recent report by CertiK, a blockchain security firm, describes a significant vulnerability in the Telegram messenger platform that exposes users to potential malicious attacks. In a post on the social media platform X on April 9, CertiK Alert warned of a “high-risk vulnerability in the wild” that could lead to remote code execution (RCE) attacks through Telegram’s media processing.

The alert highlighted that CertiK’s team had identified a “possible RCE” attack vector within the Telegram Desktop application’s media processing. This vulnerability poses a serious threat as it could allow hackers to execute malicious code by exploiting specially crafted media files, including images or videos.

In response to this security threat, CertiK recommended immediate action for Telegram Desktop users. They advised users to review their Telegram Desktop settings and disable the auto-download feature, which is susceptible to exploitation. Disabling this feature requires users to navigate to “Settings” and then select “Advanced.” Within the “Automatic Media Download” section, users are urged to disable auto-download for “Photos,” “Videos,” and “Files” across all chat types, including private chats, groups, and channels.


Mitigation Measures Recommended by CertiK

In light of the critical vulnerability identified in Telegram’s media processing, CertiK emphasized the importance of taking proactive steps to mitigate the risk of potential attacks. By promptly disabling the auto-download feature for the listed media types, users can reduce the likelihood of falling victim to exploitation.


Awaiting Responses from CertiK and Telegram

As the security community grapples with the implications of this newly discovered vulnerability in Telegram, efforts to seek clarification and potential remediation from CertiK and Telegram continue. As of the time of publication, neither party had responded regarding the reported vulnerability.
