Web3 security firm CertiK said the purpose of its social media posts was to raise awareness of the issue.
Telegram has denied claims that a vulnerability existed on its platform that could have exposed its users to attacks.
The situation regarding the vulnerability
Blockchain security firm CertiK said on April 9 that Telegram’s desktop application has a potential high-risk remote code execution (RCE) vulnerability. The company stated:
“A possible RCE was detected in the media handling of the Telegram desktop application. This issue puts users at risk of malicious attacks via specially crafted media files, such as images or videos.”
According to CertiK, this vulnerability could allow a malicious actor to achieve remote code execution against a user, potentially exposing them to attacks through specially crafted media files.
The security company clarified that the vulnerability is limited to desktop applications, which can execute programs contained in files. Mobile applications are not affected because they do not execute programs.
For security reasons, CertiK recommends that users disable the automatic download feature on the desktop application. Users can adjust the media download settings to manual downloads in the application's settings.
Telegram’s response
In a post on X (formerly Twitter) on April 9, Telegram said that the trending videos were most likely a scam because no such vulnerability existed on its platform.
Still, the platform urges users to report any threats or potential vulnerabilities in its apps through its bug bounty program.
Meanwhile, a CertiK spokesperson told reporters that the company had not been in contact with Telegram and that the news about the vulnerability came from the security community. He added that since the mobile version of the instant messaging app "does not directly execute executable programs like the desktop, which usually requires a signature", it is not affected by this vulnerability.
CertiK further stated that its posts about the vulnerability on social media are intended to raise awareness of potential issues and remind users to take proper protective measures.