Telegram addresses camera exploit, points to Apple macOS security permissions


Messaging application Telegram has played down the severity of a discovered exploit that allowed researchers to gain access to camera systems of Apple macOS devices. 

Software engineer Dan Revah flagged the exploit in a blog post on May 15, outlining the method allowing him to gain local privilege escalation to access a macOS user’s camera through permissions previously granted to an installed Telegram application.

By injecting a dynamic library into a user’s system, the exploit would allow recording from the device’s camera and the ability to save the file. Revah also claims that the exploit allows an attacker to bypass the sandbox of the terminal using a launch agent. An attacker could also gain more privileges to the system by accessing privacy-restricted areas.

Related articles

Cointelegraph reached out to Telegram to confirm whether its team had addressed concerns raised by Revah and to ascertain the severity of the identified exploit. Telegram spokesperson Remi Vaughn said that Telegram users are not at risk by default, with the exploit requiring malware to be installed on their systems:

“This situation has more to do with Apple’s permission security than it does with Telegram and can potentially affect any macOS app as a result. The real issue is that it seems to be possible to bypass Apple’s sandbox restrictions that were created specifically to prevent such abuse of third-party apps.”

Vaughn said that Telegram had executed changes that received approval from the Apple App Store late on May 16. He also added that users that downloaded the Telegram app directly from the messaging application’s website were not at risk.

Cointelegraph has reached out to Apple for an official comment regarding the exploit.

Telegram released an update in December 2022, enabling users to create accounts using blockchain-based anonymous numbers to increase privacy and security.

The feature requires users to purchase blockchain-powered anonymous numbers from the decentralized auction platform Fragment. User names and anonymous numbers sold on the platform are only compatible with Telegram, and are bought and sold using the app’s native The Open Network (TON) tokens.

In November 2022, Telegram founder Pavel Durov indicated that the platform would be building a host of decentralized tools and services following the collapse of Sam Bankman-Fried’s FTX cryptocurrency exchange.

Disclaimer: CryptoNewsBook is an online aggregator that fetches latest crypto news from different sources. This article is provided for general information purposes ONLY and contains data fetched from third party sources; hence, we do not endorse its accuracy. For more details, kindly visit The Source. Please report any fake news or false statement to Our Support Team. If you are the original owner of this content and wish it to be removed on this platform, kindly forward your request to Our Support Team.
Also Note: Cryptocurrencies are unregulated, and no part of this article should be understood nor interpreted as a recommendation/advice. #s1

Related Posts