Vulnerability fixed in Telegram for macOS

A vulnerability in Telegram for macOS caused links typed in secure chats to be checked by the background servers of the service. The vulnerability has been fixed in the newest version of the client.

Telegram, like other instant messaging services, generates a preview of links typed into a chat window. This feature should not be used in secure chats, as all the traffic should be end-to-end encrypted and available only to the participants of the conversation.
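One way to check on your own installation that links typed in a secure chat are no longer fetched by a third party is to type a unique canary URL on a web host you control into each chat type and then review that host's access log. The script below is an added example, not code from the advisory, Telegram or uriteller.io; the log format, token names, user agents and IP addresses are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed access log from a test web host the tester controls (combined log format).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2000:10:00:01 +0000] "GET /c/tok-regular-01 HTTP/1.1" 200 512 "-" "ExamplePreviewBot/1.0"
198.51.100.7 - - [01/Jan/2000:10:00:09 +0000] "GET /c/tok-secure-01 HTTP/1.1" 200 512 "-" "ExamplePreviewBot/1.0"
192.0.2.10 - - [01/Jan/2000:10:00:30 +0000] "GET /c/tok-secure-01?x=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2000:10:01:00 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_hits(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def find_leaks(log_text, canaries, participant_ips):
    """Return (token, ip, user_agent, timestamp) for each fetch of a canary URL
    that was typed only into a secure chat and requested by a non-participant."""
    leaks = []
    for hit in parse_hits(log_text):
        # Last path segment is the canary token; any query string is ignored.
        token = urlsplit(hit["target"]).path.rsplit("/", 1)[-1]
        if canaries.get(token) != "secure":
            continue  # regular-chat canary or unrelated request
        if hit["ip"] in participant_ips:
            continue  # a participant opening the link is expected
        leaks.append((token, hit["ip"], hit["ua"], hit["ts"]))
    return leaks

if __name__ == "__main__":
    # Hypothetical tokens and participant addresses for the constructed log above.
    canaries = {"tok-regular-01": "regular", "tok-secure-01": "secure"}
    participants = {"192.0.2.10", "192.0.2.11"}
    for leak in find_leaks(SAMPLE_LOG, canaries, participants):
        print("secure-chat URL fetched by third party:", leak)
```

Any row returned means a URL that existed only inside the secure chat was requested from an address outside the conversation.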

Vulnerability coordination

The vulnerabilities were found by the developers of the uriteller.io service. NCSC-FI would like to thank uriteller.io and Telegram for participating in the coordination.


Target

  • Workstations and end-user applications

Attack vector

  • Remote

Impact

  • Obtaining of confidential information

Remediation

  • Software update patch

Vulnerable software:

  • Telegram for macOS versions prior to 2.28

Possible solutions and restrictive measures:

  • Update the vulnerable software according to vendor instructions

Further information:


Contact Information

NCSC-FI Vulnerability Coordination can be contacted as follows:

Email: vulncoord@ficora.fi

Please quote the advisory reference [FICORA #954654] in the subject line.

Telephone:

+385 295 390 230

Monday - Friday 08:00 – 16:15 (EET: UTC+2)

Post:

Vulnerability Coordination

FICORA / NCSC-FI

P.O. Box 313

FI-00181 Helsinki

FINLAND

NCSC-FI encourages those who wish to communicate via email to make use of our PGP key. The key is available at https://www.viestintavirasto.fi/en/informationsecurity/ficorasinformationsecurityservices/vulnerabilitycoordination.html

Update history

Key words: Information security, Vulnerabilities


The Finnish Communications Regulatory Authority (FICORA)

The National Cyber Security Centre Finland (NCSC-FI)

Itämerenkatu 3 A

P.O. Box 313

FI-00180 HELSINKI


Media contacts by telephone +358 295 390 248