CertiK Discovers Telegram RCE Vulnerability Allowing Attacks on Users

Publikováno: 9.4.2024

On April 9, the blockchain security platform CertiK discovered a Telegram vulnerability that enables hackers to use "primarily designed multimedia content, such as images or videos" to launch a remote code execution (RCE) threat.

The post CertiK Discovers Telegram RCE Vulnerability Allowing Attacks on Users appeared first on Cryptonews.

Celý článek

Blockchain security platform CertiK uncovered a Telegram vulnerability on April 9 that allows hackers to deploy a remote code execution (RCE) attack through “specially crafted media files, such as images or videos.”

CertiK’s Discovery Reveals Telegram Vulnerability


CertiK raised the alarm in an X post, describing the RCE attack as a “high-risk vulnerability in the wild.” An RCE vulnerability allows an attacker to execute arbitrary code on a remote device, which can lead to various levels of damage.

The security firm told the media that the RCE attack was exclusive to Telegram’s desktop version, not its mobile applications, as it was not designed to run executable programs.

Following CertiK’s discovery, the official Telegram X account countered the claim and argued that there was no vulnerability in their system and that the issue was likely a fake. Some X users shared their opinion, stating that the issue was not new to the platform.

This is not the first time that Certik has reported attacks on Telegram. In October 2023, the blockchain security firm warned users about Telegram bot tokens, which it claimed could be exit scams.

In 2021, a Shielder security research report revealed that the messaging app suffered a similar remote media-related attack that enabled hackers to send modified animated stickers on Android, iOS, and MacOS application versions which would grant them access to media files that people share in all types of chats.

The issues were reported and addressed by the Telegram security team, however.

In May 2023, Google engineer Dan Revah discovered a bug that enabled attackers to activate the camera and microphone on laptops running on MacOS software.

Could the Latest Security Setback Derail Telegram’s Wall Street Listing?


CertiK’s discovery of the Telegram vulnerability coincides with the platform’s announcement of a possible debut on Wall Street.

In March, Telegram CEO Pavel Durov exclusively told the Financial Times that the messaging app was mulling an IPO in the US, following in the footsteps of Reddit, whose stock has captured investor’s interest. With over 900 million users, a preliminary valuation of $90B, and increasing revenues, the social media app is ripe for a public listing.

“Generally speaking, we see value in [an IPO] as a means to democratise access to Telegram’s value,” he explained.

While Telegram’s expansion is evident, one major hurdle it must overcome before venturing into Wall Street is its ‘dark web’ baggage. Cybersecurity experts have long labeled the app as the hotbed for organized criminals.

According to a US cybersecurity magazine report, bad actors use the messaging platform as a marketplace to facilitate illicit transactions and spread extremist content. The platform’s poor reputation and alleged ties to the Kremlin – Patel Durov has consistently denied this – could be a major talking point for investors.

Despite these drawbacks, Telegram has adopted crypto for in-app ad purchases as part of its user monetization strategy.

The post CertiK Discovers Telegram RCE Vulnerability Allowing Attacks on Users appeared first on Cryptonews.

Nahoru
Tento web používá k poskytování služeb a analýze návštěvnosti soubory cookie. Používáním tohoto webu s tímto souhlasíte. Další informace