Telegram had some major security vulnerabilities
The bugs were found in a new animated sticker feature
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Messaging appTelegramwas beset with vulnerabilities last year after one security researcher discovered 13 in the course of a single investigation. Writing for IT security firm Shielder, an individual known as “polict” also confirmed that all the security bugs have been responsibly reported to Telegram and subsequently fixed.
The Telegram vulnerabilities were initially discovered after investigating the source code for new animated stickers that thesecure messaging applaunched in 2019. The flaws allowed attackers to send malicious stickers to victims in order to gain access to privatemessages,photos, andvideos. Although the exploit was far from straightforward, there’s no guarantee that this would have discouraged sophisticated threat actors.
The 13 vulnerabilities included one heap out-of-bounds write, one stack out-of-bounds write, one stack out-of-bounds read, two heap out-of-bound read, one integer overflow leading to heap out-of-bounds read, two type confusions, and five denial-of-service flaws.
All patched up
“Before starting this research in 2019 I would have been pretty skeptical if you had asked me whether the following year I’d find a single memory corruption in Telegram,” polictwrote. “Today I shared with you the story of how I have found 13, some with a higher impact than others but all which were promptly fixed by Telegram for all the device families supporting secret chats: Android, iOS, and macOS. This research helped me understand once more that it’s not trivial to limit attack surfaces at scale in end-to-end encrypted contexts without losing functionalities.”
Following the discoveries, security researchers waited 90 days before informing Telegram of the security issues. They have since all been patched, following updates for theAndroid,iOS, andmacOSversions released in September and October of last year. Essentially, if you have updated your Telegram app within the last four months, you will be protected.
Although Telegram acted swiftly to patch the flaws, the vulnerabilities are still somewhat embarrassing for the messaging app. Telegram prides itself on theprivacyand security it can offer its users, making any security bugs particularly damaging to the app’s reputation.
ViaShielder
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
Professionals are facing “tech overload” as they try to juggle multiple devices in the workplace
