Telegram Now Can Access Your Camera And Microphone. Is this true? A vulnerability in Telegram’s Mac app meant that malware could find its way to your camera and microphone.
Telegram has fixed a security issue detected in its macOS app, which is available via the App Store. The vulnerability made it possible for malware to access a device’s camera and microphone, according to reports from Meduza.
Telegram tweeted on Tuesday that it has already eliminated the reported issues in a new update of the app it just submitted to Apple.
Software engineer Dan Revah first revealed the problem on Monday in a blog post.
The Latest Reports On Telegram
Matt Johansen, a computer security veteran who has worked with startups and “the biggest financial companies in the world,” broke down the issue in a Twitter thread. He tweeted that the issue in the Telegram macOS app was first discovered in February.
Johansen said
The weakness involves macOS’s Transparency, Consent, and Control (TCC) mechanism. This mechanism manages access to ‘privacy-protected’ areas in macOS, which Telegram’s vulnerability can exploit.
According to him, macOS Root users can never access the microphone and screen recording unless the app has “direct user consent or manually granted permissions.”
Nevertheless, the vulnerability in the macOS app was able to “sidestep” this security measure, which, according to Johansen, comes down to “Entitlements and Hardened Runtime.”
He also said
iOS requires an app to be signed with Hardened Runtime entitlement to be uploaded to the App Store. macOS doesn’t have this requirement. This loophole can potentially leave macOS apps more vulnerable.
According to Revah, the vulnerability was discovered on Feb. 2. He said that he contacted Telegram security about the issue, but they reportedly did not address it.
The vulnerability was then reported to MITRE, a government-funded research organization specializing in cybersecurity and technical issues, and on February 26, it was reported to VINCE for assistance in coordinating with Telegram to fix the issue.
The grace period with VINCE ended on Monday, and everything was disclosed to the public. A more secure desktop version is now awaiting approval. The new version is expected to be made available to the public soon.
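Johansen’s point about entitlements and Hardened Runtime can be checked on any installed Mac app. The script below is an added example, not code from this article, Revah’s post or Telegram; it flags apps that hold camera or microphone entitlements but were signed without the Hardened Runtime flag. It assumes a recent macOS where `codesign` accepts `--xml`; the sample inputs, the `com.example.chat` identifier and the function names are constructed for illustration.

```python
import plistlib
import re
import subprocess
import sys

# Entitlements that let an app request the camera or microphone.
DEVICE_ENTITLEMENTS = {
    "com.apple.security.device.camera",
    "com.apple.security.device.audio-input",
    "com.apple.security.device.microphone",
}
CS_RUNTIME = 0x10000  # signing flag bit set when Hardened Runtime is enabled

# Constructed samples in the shape codesign prints (not from a real app).
SAMPLE_NO_RUNTIME = ("Identifier=com.example.chat\n"
                     "CodeDirectory v=20400 size=812 flags=0x0(none) hashes=18+5\n")
SAMPLE_RUNTIME = SAMPLE_NO_RUNTIME.replace("0x0(none)", "0x10000(runtime)")
SAMPLE_ENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.device.camera</key><true/>
<key>com.apple.security.device.audio-input</key><true/>
</dict></plist>"""


def hardened_runtime(codesign_text):
    """True if the CodeDirectory line's flags include the runtime bit."""
    m = re.search(r"^CodeDirectory\b.*\bflags=0x([0-9a-fA-F]+)", codesign_text, re.M)
    return bool(m) and bool(int(m.group(1), 16) & CS_RUNTIME)


def audit(codesign_text, entitlements_xml):
    """Return (verdict, device entitlements held) for one signed app."""
    ents = plistlib.loads(entitlements_xml) if entitlements_xml.strip() else {}
    held = sorted(k for k in DEVICE_ENTITLEMENTS if ents.get(k) is True)
    if hardened_runtime(codesign_text):
        return "ok", held
    return ("review" if held else "no-runtime"), held


def collect(app):
    """macOS only: gather both inputs (codesign prints signing info on stderr)."""
    info = subprocess.run(["codesign", "-dv", "--verbose=4", app],
                          capture_output=True, text=True).stderr
    ents = subprocess.run(["codesign", "-d", "--entitlements", "-", "--xml", app],
                          capture_output=True).stdout
    return info, ents


if __name__ == "__main__":
    for app in sys.argv[1:]:  # e.g. paths to .app bundles under /Applications
        print(app, *audit(*collect(app)))
```

A verdict of `review` means the app can request the camera or microphone but lacks the Hardened Runtime flag, the combination this article describes.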