Connect with us

Hi, what are you looking for?

Oracle of  Omaha SaysOracle of  Omaha Says

Editor's Pick

CertiK Discovers Telegram RCE Vulnerability Allowing Attacks on Users

Blockchain security platform CertiK uncovered a Telegram vulnerability on April 9 that allows hackers to deploy a remote code execution (RCE) attack through “specially crafted media files, such as images or videos.”

CertiK’s Discovery Reveals Telegram Vulnerability

CertiK raised the alarm in an X post, describing the RCE attack as a “high-risk vulnerability in the wild.” An RCE vulnerability allows an attacker to execute arbitrary code on a remote device, which can lead to various levels of damage.

The security firm told the media that the RCE attack was exclusive to Telegram’s desktop version, not its mobile applications, as it was not designed to run executable programs.

We see a high-risk vulnerability in the wild,
Please check your telegram configurations to improve security!

Possible RCE was detected in Telegram’s media processing in Telegram Desktop application.
This issue expose users to malicious attacks through…

— CertiK Alert (@CertiKAlert) April 9, 2024

Following CertiK’s discovery, the official Telegram X account countered the claim and argued that there was no vulnerability in their system and that the issue was likely a fake. Some X users shared their opinion, stating that the issue was not new to the platform.

Lol, this is an issue for over a year now.

— Fugazi Finance (@fugazifinance) April 9, 2024

This is not the first time that Certik has reported attacks on Telegram. In October 2023, the blockchain security firm warned users about Telegram bot tokens, which it claimed could be exit scams.

In 2021, a Shielder security research report revealed that the messaging app suffered a similar remote media-related attack that enabled hackers to send modified animated stickers on Android, iOS, and MacOS application versions which would grant them access to media files that people share in all types of chats.

The issues were reported and addressed by the Telegram security team, however.

In May 2023, Google engineer Dan Revah discovered a bug that enabled attackers to activate the camera and microphone on laptops running on MacOS software.

CVE-2023-26818: Latest blog post on how I found a vulnerability in Telegram’s macOS app and was able to bypass TCC, giving me unauthorized access to sensitive user data and recording the user via camera. #Cybersecurity #macOS

— Dan Revah (@danrevah) May 15, 2023

Could the Latest Security Setback Derail Telegram’s Wall Street Listing?

CertiK’s discovery of the Telegram vulnerability coincides with the platform’s announcement of a possible debut on Wall Street.

In March, Telegram CEO Pavel Durov exclusively told the Financial Times that the messaging app was mulling an IPO in the US, following in the footsteps of Reddit, whose stock has captured investor’s interest. With over 900 million users, a preliminary valuation of $90B, and increasing revenues, the social media app is ripe for a public listing.

“Generally speaking, we see value in [an IPO] as a means to democratise access to Telegram’s value,” he explained.

Telegram has received a preliminary valuation of $30 billion ahead of a potential IPO, reaching 900 million users and almost breaking even in profit

$TON reacts with a 15% increase

— epickot (@epickot) March 11, 2024

While Telegram’s expansion is evident, one major hurdle it must overcome before venturing into Wall Street is its ‘dark web’ baggage. Cybersecurity experts have long labeled the app as the hotbed for organized criminals.

According to a US cybersecurity magazine report, bad actors use the messaging platform as a marketplace to facilitate illicit transactions and spread extremist content. The platform’s poor reputation and alleged ties to the Kremlin – Patel Durov has consistently denied this – could be a major talking point for investors.

Despite these drawbacks, Telegram has adopted crypto for in-app ad purchases as part of its user monetization strategy.

The post CertiK Discovers Telegram RCE Vulnerability Allowing Attacks on Users appeared first on Cryptonews.

Enter Your Information Below To Receive Free Trading Ideas, Latest News And Articles.

    Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!

    You May Also Like

    Latest News

    A former Republican legislative candidate who traveled to Washington for former President Donald Trump’s ‘Stop the Steal’ rally was arrested Friday and charged with...


    Even as U.S. inflation broadly cools, frozen vegetable prices are hot. The average shelf price for frozen veggies rose by 18% in the past year...

    Latest News

    Abbe Lowell, Hunter Biden’s attorney, filed an ethics complaint Friday against Georgia Rep. Marjorie Taylor Green after she displayed censured nude photos of the president’s...

    Latest News

    President Biden has overruled the Pentagon and chosen Adm. Lisa Franchetti to lead the Navy, making her the first woman, if she’s confirmed, to...

    Disclaimer:, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

    Copyright © 2024