Home > Cyber News > Bug in Telegram for macOS Exposed Users’ Secret Chats

Bug in Telegram for macOS Exposed Users’ Secret Chats

Bug in Telegram for macOS Exposed Users' Secret ChatsAre you using Telegram? If so, you should know that the messaging app fixed a privacy-related vulnerability in the macOS app. The bug made it possible to access self-destructing audio and video messages even after they were gone from secret chats.

Telegram contained a privacy vulnerability in its macOS app

The bug, discovered by Dhiraj Mishra, resided in version 7.3 of Telegram for macOS. Fortunately, the issue is already patched in version 7.4, which was released at the end of January.

“Telegram which has 500 million active users suffers from a logical bug exists in telegram for macOS (7.3 (211334) Stable) which stores the local copy of received message (audio/video) on a custom path even after those messages are deleted/disappeared from the secret chat,” the researcher wrote.

The researcher discovered that if a user opens Telegram on macOs to send a recorded audio or video message in a normal chat, the app would leak the sandbox path where the recorded message is stored in a “.mp4” file. If the user performs the same action in a normal chat, the message would be stored on the same path.

Mishra created a video proof-of-concept in which “the user receives a self-destructed message in the secret chat option, which gets stored even after the message is self-destructed.”

Telegram suffered a data breach in 2020

This is not the first case of Telegram being involved in a privacy incident. Last year, hackers accessed the internal databases of Telegram, and the personal information of millions of users.

The breach was discovered after the database and information about its contents was posted on an underground forum. The file contained the phone numbers of users alongside with their unique Telegram user IDs.

The breach was caused by a vulnerability in the application’s contact export feature, accessible when a new registration for a user is made. Threat actors were able to use it in order to hijack the information.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share