Telegram否认桌面应用存在报道中的漏洞，确认移动应用不受安全问题影响

奔跑财经-FinaceRun · 2024-04-10T04:57:49.000Z

Web3安全公司CertiK表示，其社交媒体帖子的目的是提高人们对该问题的认识。 Telegram否认了有关其平台上存在的漏洞，可能使用户遭受攻击的说法。有关漏洞的情况区块链安全公司CertiK在4月9日表示，Telegram的桌面应用程序存在潜在的高风险远程代码执行（RCE）漏洞。该公司声明： “在Telegram桌面应用程序的媒体处理中检测到可能的RCE。这个问题通过特制的媒体文件，如图像或视频，使用户面临恶意攻击的风险。” 据CertiK称，这个漏洞可能允许恶意行为者向用户发送RCE，从而可能使用户遭受特制媒体文件的攻击。安全公司澄清道，该漏洞仅限于桌面应用程序，这些应用程序可以执行文件中包含的程序。移动应用程序不受影响，因为它们不执行程序。出于安全考虑，CertiK建议用户在桌面应用程序上禁用自动下载功能。用户可以在应用程序的设置中将媒体下载设置调整为手动下载。 Telegram的回应 4月9日，在Telegram的一篇X平台（前Twitter）的帖子中表示，这些热门视频很可能是一个骗局，因为其平台上不存在此类漏洞。尽管如此，该平台仍敦促用户通过其漏洞赏金计划报告其应用程序中的任何威胁或潜在漏洞。与此同时，CertiK的一位发言人告诉记者，该公司没有与Telegram联系，有关漏洞的消息来自安全社区。他补充说，由于移动版本的即时通讯应用程序“不像桌面那样直接执行可执行程序，通常需要签名”，因此它不受此漏洞的影响。 CertiK进一步表示，其在社交媒体上发布有关漏洞的帖子旨在提高人们对潜在问题的认识，并提醒用户采取正确的防护措施。#Telegram #漏洞

Telegram denies reported vulnerability in desktop app, confirms mobile app is not affected by security issue

Web3 security firm CertiK said the purpose of its social media posts was to raise awareness of the issue.
Telegram has denied claims that a vulnerability existed on its platform that could have exposed its users to attacks.
The situation regarding the vulnerability
Blockchain security firm CertiK said on April 9 that Telegram’s desktop application has a potential high-risk remote code execution (RCE) vulnerability. The company stated:
“A possible RCE was detected in the media handling of the Telegram desktop application. This issue puts users at risk of malicious attacks via specially crafted media files, such as images or videos.”
According to CertiK, this vulnerability could allow a malicious actor to deliver an RCE to a user, potentially exposing them to attacks with specially crafted media files.
The security company clarified that the vulnerability is limited to desktop applications, which can execute programs contained in files. Mobile applications are not affected because they do not execute programs.
For security reasons, CertiK recommends that users disable the automatic download feature on the desktop application. Users can adjust the media download settings to manual downloads in the application's settings.
Telegram’s response
In a post on Telegram on April 9, Platform X (formerly Twitter) said that the trending videos were most likely a scam because no such vulnerability existed on its platform.
Still, the platform urges users to report any threats or potential vulnerabilities in its apps through its bug bounty program.
Meanwhile, a CertiK spokesperson told reporters that the company had not been in contact with Telegram and that the news about the vulnerability came from the security community. He added that since the mobile version of the instant messaging app "does not directly execute executable programs like the desktop, which usually requires a signature", it is not affected by this vulnerability.
CertiK further stated that its posts about the vulnerability on social media are intended to raise awareness of potential issues and remind users to take proper protective measures. #Telegram  #漏洞 

Disclaimer: Includes thrid-party opinions. No financial advice. May include sponsored content. See T&Cs.

Telegram denies reported vulnerability in desktop app, confirms mobile app is not affected by security issue

Explore More From Creator

Latest News

Telegram denies reported vulnerability in desktop app, confirms mobile app is not affected by security issue

Explore More From Creator

Latest News

Trending Articles