Telegram Addresses Camera Exploit

Telegram has minimized the severity of a recently discovered exploit that granted researchers access to the camera systems of Apple macOS devices.

Dan Revah, a software engineer, disclosed the vulnerability in a blog post on May 15, detailing the method that allowed him to gain local privilege escalation and access a macOS user’s camera via permissions granted to an installed Telegram application.

The exploit would enable recording from the device’s camera and the ability to save the file by injecting a dynamic library into the user’s system.

Revah also asserts that the vulnerability enables an attacker to circumvent the sandbox of the terminal using a launch agent. By accessing privacy-restricted areas, an attacker could also gain additional privileges on the system.

Telegram was contacted to confirm whether its team had addressed Revah’s concerns and to determine the severity of the identified vulnerability.

Remi Vaughn, a representative for Telegram, stated that Telegram users are not at risk unless malware is installed on their systems:

“This situation has more to do with Apple’s permission security than it does with Telegram and can potentially affect any macOS app as a result. The real issue is that it seems to be possible to bypass Apple’s sandbox restrictions that were created specifically to prevent such abuse of third-party apps.”

Vaughn reported that Telegram had implemented alterations that were approved by the Apple App Store late on May 16.

He added that users who downloaded the Telegram app directly from the website of the messaging application were not at risk.

Telegram released an update in December 2022 that enables users to create accounts with anonymous blockchain-based numbers, thereby enhancing privacy and security.

Users must purchase blockchain-powered anonymous numbers from the decentralized auction platform Fragment to utilize this feature.

User names and anonymous numbers sold on the platform are only compatible with Telegram and are purchased with The Open Network (TON) tokens native to the Telegram app.

Following the collapse of Sam Bankman-Fried’s FTX cryptocurrency exchange, Telegram’s founder Pavel Durov announced in November 2022 that the platform would develop a variety of decentralized tools and services.