According to Cointelegraph: A significant vulnerability in the Telegram messaging platform could leave users open to harmful attacks, according to a newly released report by blockchain security company, CertiK.
The firm's security alert division took to social media on April 9th to caution the public about a "high-risk vulnerability in the wild" detected in Telegram's media processing on the desktop application. This flaw could potentially allow hackers to execute remote code (RCE) attacks via Telegram.
The vulnerability exposes users to harmful attacks through the distribution of maliciously crafted media files, such as images or videos. To mitigate the risk and protect themselves, users are advised to modify their Telegram Desktop settings and deactivate the auto-download feature.
To do so, users can navigate to the "Settings" and then the "Advanced" tab. In the 'Automatic Media Download' section, users are urged to turn off auto-download for 'Photos', 'Videos', and 'Files' for all types of chat (private, group, and channel chats).
At the time of writing, neither CertiK nor Telegram have provided a public comment on this reported security vulnerability.