Messaging app Telegram downplays severity of discovered camera exploit on Apple macOS devices. Software engineer Dan Revah exposes the exploit, allowing local privilege escalation via Telegram permissions. Injecting a dynamic library grants access to the camera, enabling recording and file saving.
Revah states the exploit bypasses terminal sandbox using a launch agent, potentially granting additional system privileges. Attackers could also access privacy-restricted areas.
Vaughn said that Telegram had executed changes that received approval from the Apple App Store late on May 16. He also added that users that downloaded the Telegram app directly from the messaging application’s website were not at risk.
Telegram released an update in December 2022, enabling users to create accounts using blockchain-based anonymous numbers to increase privacy and security.
The feature requires users to purchase blockchain-powered anonymous numbers from the decentralized auction platform Fragment. User names and anonymous numbers sold on the platform are only compatible with Telegram, and are bought and sold using the app’s native The Open Network (TON) tokens.