A serious vulnerability has been detected within Telegram.
As detailed by CertiK, a blockchain security firm, this flaw leaves users susceptible to remote code execution (RCE) attacks via the Telegram Desktop application’s media processing system.
This vulnerability can be exploited by transmitting specially crafted media files, including images and videos. Such attacks could allow hackers to execute malicious code on a user’s device remotely, compromising personal data and privacy.
To reduce the risk of falling victim to these attacks, CertiK recommends turning off the auto-download feature for media files.
Users can achieve this by going to “Settings,” selecting “Advanced,” and then proceeding to the “Automatic Media Download” section. Here, they should ensure that the auto-download options for “Photos,” “Videos,” and “Files” are turned off for all types of chats, including private conversations, groups, and channels.
This warning serves as a reminder of the constant necessity for both users and developers to remain cautious against security threats.
It is not the first time that Telegram has been at the center of similar situations regarding security. Recently, a security breach of the platform’s trading bot, Solareum, has led to its closure.