Information security researchers at Certik Alert have discovered a potential high-risk flaw in the Telegram Desktop application that might expose users to remote code execution (RCE) attacks.
The vulnerability lies in the media processing capabilities of the Telegram application.
Attackers could take advantage of it by distributing specially prepared media assets, such as videos or images, to unsuspecting users.
If a victim opens or downloads a malicious file, unauthorized code could be run on their device.
Cyber attackers use various tactics to deceive users, such as crafting emails or messages that seem authentic, leading them to expose personal details or click on harmful links.
Malware can be camouflaged as reputable apps or concealed in innocent-looking files, allowing it to pilfer data, inject more malware, or take over a device once activated.
Certik Alert suggests disabling the auto-download feature in Telegram Desktop to reduce the risk while a permanent patch from Telegram is still being developed.
The Certik team has provided guidelines on how to do it: Open the application, go to the “Settings” menu, click on “Advanced” settings, and under “Automatic Media Download,” disable automatic downloads of “Photos,” “Videos,” and “Files” for all types of chats, including private chats, groups, and channels.
By following these steps, Telegram users can significantly reduce the risk of falling prey to this potential RCE vulnerability.
Certik also suggests keeping the Telegram Desktop program up to date to ensure users receive any official security patches released by developers.
Telegram has positioned itself as a significant player in the growing blockchain industry. It has become one of the largest social media platforms for crypto projects to build communities and share resources.