Messaging application Telegram has played down the severity of an discovered exploit that allowed researchers to gain access to camera systems of Apple macOS users.
Software engineer Dan Revah flagged the exploit in a blog post on May 15, outlining the method which allowed him to gain local privilege escalation to access a macOS user’s camera through permissions previously granted to an installed Telegram application.
By injecting a Dynamic Library into a user’s system, the exploit would allow recording from the device’s camera and the ability to save the file. Revah also claims that the exploit allows an attacker to bypass the Sandbox of the terminal using LaunchAgent. An attacker would also be able to gain more privileges to the system by accessing privacy-restricted areas.
Related: TON Telegram integration highlights synergy of blockchain community
Cointelegraph reached out to Telegram to ascertain whether its team had addressed concerns raised by Revah and the severity of the identified exploit. Telegram spokesperson Remi Vaughn said that Telegram users are not at risk by default, with the exploit requiring malware to be installed on their systems:
Vaughn said that Telegram had executed changes that are now awaiting approval from the App Store. He also added that users that downloaded the Telegram app directly from the messaging application’s website were not at risk.
Cointelegraph has reached out to Apple for official comment regarding the exploit.
Telegram released an update in December 2022 which enables users to create accounts using blockchain-based anonymous numbers in a move to increase privacy and security.
The feature requires users to purchase blockchain-powered anonymous numbers from decentralized auction
Read more on cointelegraph.com