Key Takeaways
- CertiK has reported a high-risk vulnerability in Telegram that could allow for remote code execution attacks;
- The vulnerability is found in the media processing system of the Telegram Desktop application and can be exploited via specially crafted media files;
- To safeguard against potential attacks, Telegram users are advised to disable the auto-download feature for media files across all chat types.
A serious vulnerability has been detected within Telegram.
As detailed by CertiK, a blockchain security firm, this flaw leaves users susceptible to remote code execution (RCE) attacks via the Telegram Desktop application's media processing system.
This vulnerability can be exploited by transmitting specially crafted media files, including images and videos. Such attacks could allow hackers to execute malicious code on a user's device remotely, compromising personal data and privacy.
To reduce the risk of falling victim to these attacks, CertiK recommends turning off the auto-download feature for media files.
Users can achieve this by going to "Settings," selecting "Advanced," and then proceeding to the "Automatic Media Download" section. Here, they should ensure that the auto-download options for "Photos," "Videos," and "Files" are turned off for all types of chats, including private conversations, groups, and channels.
This warning serves as a reminder that both users and developers need to stay vigilant against security threats.
This is not the first time Telegram has been at the center of a security incident. Recently, a security breach of the platform's trading bot, Solareum, led to its closure.