Summary
TLDR: CertiK warns of a vulnerability in Telegram’s desktop app that could expose users to attacks, but Telegram denies it. CertiK demonstrates the vulnerability and advises caution, while Telegram says it has fixed a similar issue. Users are advised to review their settings and deactivate the auto-download feature as a precaution.
Key Points
1. CertiK identified a Remote Code Execution (RCE) vulnerability in Telegram’s desktop application, potentially exposing users to malicious attacks through media files like images or videos.
2. Telegram initially disputed the claims, but CertiK demonstrated an RCE attack against the latest Windows desktop version and advised users to exercise caution until a complete fix is in place.
3. CertiK recommended that users review their Telegram settings and deactivate the auto-download feature to mitigate the vulnerability, while Telegram stated that a recent server-side fix addressed a similar issue that required specific user interactions and advanced conditions.