CertiK Uncovers High-Risk Vulnerability in Telegram Desktop App

CertiK, a blockchain security company, recently revealed a significant security flaw within the #Telegram messaging app that puts users at risk of cyber-attacks. The announcement was made on April 9 via the social media site X, where CertiK Alert highlighted a dangerous vulnerability that could enable attackers to carry out remote code execution (RCE) attacks by exploiting Telegram’s media processing capabilities.

The vulnerability, identified in the media processing functions of the Telegram Desktop application, can be triggered by attackers using maliciously crafted media files, including images and videos. CertiK's investigation pinpointed a specific RCE attack vector within these processes, signaling a direct threat to users.

A #CertiK spokesperson, in conversation with Cointelegraph, clarified that this vulnerability is unique to the desktop version of Telegram. The mobile version is safer in this regard since it doesn't execute executable files directly, a process that typically requires digital signatures for additional security. This information was shared in response to concerns raised within the security community.

For those using Telegram on desktop devices, CertiK advises reviewing and adjusting the application’s settings to mitigate the risk. Specifically, users should disable the auto-download feature to prevent the automatic processing of potentially dangerous files. This precaution can be taken by accessing the “Settings” menu, followed by the “Advanced” options, where the auto-download functionality can be turned off.