CertiK Alert, a leading Bitcoin and cryptocurrency security organization, has discovered a high-risk vulnerability in the popular messaging app Telegram.
The vulnerability allows remote code execution (RCE), exposing users to malicious attacks via specially crafted media files such as images or videos.
CertiK issued a warning about this vulnerability, stating “We are seeing a high-risk vulnerability in the market. Please check your Telegram configurations to increase security.” The vulnerability was detected in the media operations of Telegram's Desktop application.
To reduce the risk, CertiK strongly advised users to disable the automatic download function for photos, videos and files in all chat types, including private chats, groups and channels.
Here are the steps to disable the automatic download feature:
- Open Telegram and go to 'Settings'.
- Tap 'Advanced'.
- Under the 'Automatic Media Downloads' section, disable automatic downloads for 'Photos', 'Videos' and 'Files' across all chat types.
Telegram may soon release an update that addresses this vulnerability, so users should check for updates frequently.