CertiK claims to have identified a high-risk vulnerability in the Telegram messenger. Experts pointed out the possibility of infecting a user's device with malware.
According to the project team, the problem lies in the exploitation of a remote code execution (RCE) vulnerability by hackers. To do this, attackers use media files that are automatically downloaded in the messenger, the company noted.
#CertiKInsight ⚠️
We see a high-risk vulnerability in the wild,
Please check your telegram configurations to improve security!
👇👇👇👇👇
Possible RCE was detected in Telegram's media processing in Telegram Desktop application.
This issue exposes users to malicious attacks through…— CertiK Alert (@CertiKAlert) April 9, 2024
Analysts indicate that hackers disguise malware as videos or images. This allows them to infect a device with virtually no user interaction, according to Certik.
For this reason, experts recommend that Telegram audiences disable the automatic downloading of media files in the messenger. Thus, in their opinion, you can protect yourself to some extent from infected software.
Some users of social platform X (formerly Twitter) criticized the company's statements. They note that this messenger problem has been known for a long time and various experts have repeatedly warned about the risks of automatically downloading media files.
Lol, this is an issue for over a year now.
— Fugazi Finance (@fugazifinance) April 9, 2024
Previously, the company faced criticism from the Web3 community for another statement. In November 2023, the CertiK team announced the identification of a vulnerability in the Solana Saga smartphone. The company's experts argued that the company's device could be hacked and all user data could be stolen.
However, Solana experts and the blockchain community refuted CertiK’s claims. They noted that company representatives did not use a specific Saga vulnerability, but unlocked the smartphone’s bootloader.
This is included in the list of advanced features of many Android devices. To activate the option, the attacker must have direct access to the device, Solana emphasized.
Source: Cryptocurrency
I am an experienced journalist and writer with a career in the news industry. My focus is on covering Top News stories for World Stock Market, where I provide comprehensive analysis and commentary on markets around the world. I have expertise in writing both long-form articles and shorter pieces that deliver timely, relevant updates to readers.
