Telegram assures users that they were not at risk following the discovery of a security exploit that could potentially enable attackers to take control of a macOS device’s camera.
Telegram has downplayed the seriousness of a recently uncovered exploit that enabled researchers to access the camera systems of Apple macOS devices.
Software engineer Dan Revah identified and described the exploit in a blog post on May 15. He explained how he was able to gain local privilege escalation and access the camera of a macOS user by utilizing permissions that had been previously granted to a Telegram application installed on the device.
The exploit involved injecting a dynamic library into a user’s system, enabling the recording of the device’s camera and saving the recorded files. Additionally, the exploit allowed the attacker to bypass the terminal’s sandbox using a launch agent. By exploiting these vulnerabilities, an attacker could potentially gain higher privileges and access privacy-restricted areas within the system.
According to Telegram spokesperson Remi Vaughn, regular Telegram users are not automatically exposed to risk as the exploit necessitates the installation of malware on their systems.
According to Telegram spokesperson Remi Vaughn, the situation is primarily related to the permission security of Apple rather than Telegram itself. This vulnerability could potentially impact any macOS application. The main concern is that it appears to be possible to bypass Apple’s sandbox restrictions, which were designed to prevent the abuse of third-party apps in such scenarios.
Vaughn stated that Telegram made necessary changes to their app, which were approved by the Apple App Store on May 16. He also clarified that users who downloaded the Telegram app directly from the official website of the messaging application were not exposed to any risk.
In December 2022, Telegram released an update that allowed users to create accounts using blockchain-based anonymous numbers. This update aimed to enhance privacy and security for users.
To utilize the feature, users need to buy blockchain-based anonymous numbers from the decentralized auction platform called Fragment. These user names and anonymous numbers, exclusive to Telegram, can be acquired and exchanged using the app’s native The Open Network (TON) tokens.
In November 2022, Telegram founder Pavel Durov announced plans to develop a range of decentralized tools and services after the downfall of Sam Bankman-Fried’s FTX cryptocurrency exchange.
This information is for general knowledge only and should not be considered as advice for investing or making financial decisions.
Author
