Critical Telegram Vulnerability Puts Users at High Risk, Warns CertiK

CertiK, a blockchain security firm, recently released a report warning users of a major vulnerability on the popular messaging app, Telegram. The vulnerability exposes users to potential malicious attacks, specifically through Telegram’s media processing feature. CertiK’s team discovered a possible remote code execution (RCE) attack that could be initiated through specially crafted media files, like images or videos. To protect themselves, users are advised to disable the auto-download feature in their Telegram Desktop settings.

The CERTIK Alert, posted on social media platform X on April 9, described the vulnerability as a high-risk issue that could allow hackers to execute remote code attacks. In response, CertiK advised users to review their Telegram Desktop settings and disable the auto-download feature for photos, videos, and files in all chat types – private chats, groups, and channels.

contacted CertiK and Telegram to request their comments on the vulnerability but did not receive a response at the time of publication. The lack of response raises concerns about the urgency and seriousness of the issue.

The vulnerability in Telegram’s media processing feature is particularly dangerous because it can be exploited through media files, such as images or videos. This means that users who receive seemingly harmless media files could unknowingly be exposing themselves to malicious attacks.

As a precautionary measure, CertiK recommends that users disable the auto-download feature in their Telegram Desktop settings. By doing so, users can prevent potentially harmful media files from automatically downloading onto their device, reducing the risk of falling victim to a remote code execution attack.

To disable the auto-download feature, users can access the “Settings” option in their Telegram Desktop application and then navigate to the “Advanced” section. Under the “Automatic Media Download” category, they should disable auto-download for photos, videos, and files across all chat types.

It is crucial for Telegram users to be aware of this vulnerability and take the necessary steps to protect themselves. Regularly checking and updating their Telegram Desktop configuration can significantly reduce the risk of becoming a target for hackers seeking to exploit this vulnerability.

CertiK’s report highlights a significant vulnerability on Telegram that exposes users to potential malicious attacks through the app’s media processing feature. To mitigate this risk, users are advised to disable the auto-download feature for media files in their Telegram Desktop settings. It is important for users to stay informed about software vulnerabilities and take necessary precautions to ensure their online safety.