Telegram addresses camera exploit, points to Apple macOS security permissions

Messaging application Telegram has played down the severity of an discovered exploit that allowed researchers to gain access to camera systems of Apple macOS users. 

Software engineer Dan Revah flagged the exploit in a blog post on May 15, outlining the method which allowed him to gain local privilege escalation to access a macOS user’s camera through permissions previously granted to an installed Telegram application.

By injecting a Dynamic Library into a user’s system, the exploit would allow recording from the device’s camera and the ability to save the file. Revah also claims that the exploit allows an attacker to bypass the Sandbox of the terminal using LaunchAgent. An attacker would also be able to gain more privileges to the system by accessing privacy-restricted areas.

Related: TON Telegram integration highlights synergy of blockchain community

Cointelegraph reached out to Telegram to ascertain whether its team had addressed concerns raised by Revah and the severity of the identified exploit. Telegram spokesperson Remi Vaughn said that Telegram users are not at risk by default, with the exploit requiring malware to be installed on their systems:

“This situation has more to do with Apple’s permission security than it does with Telegram and can potentially affect any macOS app as a result. The real issue is that it seems to be possible to bypass Apple’s sandbox restrictions that were created specifically to prevent such abuse of third-party apps.”

Vaughn said that Telegram had executed changes that are now awaiting approval from the App Store. He also added that users that downloaded the Telegram app directly from the messaging application’s website were not at risk.

Cointelegraph has reached out to Apple for official comment regarding the exploit.

Telegram released an update in December 2022 which enables users to create accounts using blockchain-based anonymous numbers in a move to increase privacy and security.

The feature requires users to purchase blockchain-powered anonymous numbers from decentralized auction platform Fragment. User names and anonymous numbers sold on the platform are only compatible with Telegram and are bought and sold using the app’s native The Open Network (TON) tokens.

Telegram founder Pavel Durov indicated that the platform would be building a host of decentralized tools and services in November 2022, following the collapse of Sam Bankman-Fried’s FTX cryptocurrency exchange.

Magazine: Ordinals turned Bitcoin into a worse version of Ethereum: Can we fix it?

All Dutch and English crypto news!

MUFG to facilitate Japanese bank-backed stablecoins via Progmat Coin platform

Megabank Mitsubishi UFJ Financial Group (MUFG) has announced that its stablecoin issuance platform "Progmat Coin" will soon be used by Japanese banks to launch Yen-pegged...

Net Bitcoin ATMs record an increase after 4 months of global downtrend

Breaking the year-long trend of declining Bitcoin (BTC) and crypto ATMs across the globe, May recorded a steep increase in net installations with nearly 1,400...

Microsoft pens AI cloud computing deal with former Ethereum miner CoreWeave: CNBC

Microsoft has reportedly signed a deal with former Ethereum miner CoreWeave to use its cloud computing infrastructure to support its Artificial Intelligence-powered services. According to a...

Crypto Biz: Six months on from FTX, Tether mines BTC, and Nvidia’s AI superchips

Just over six months after FTX's dramatic collapse, the crypto industry can finally begin analyzing the effects of the debacle. The quick ripple effect to...

Beste exchanges

Koop je crypto bij Bitvavo