1. BITBILIHome
  2. Article

Messaging giant Telegram’s security breach exposes Mac users’ cameras

149 views

TL;DR Breakdown

  • Telegram downplayed the seriousness of an exploit that allowed researchers to access the camera systems of Apple macOS devices.
  • By injecting a dynamic library into a user’s system, the exploit could grant access to the device’s camera and enable the recording and saving of the files.
  • The introduction of blockchain-based anonymous numbers as a feature in Telegram further showcases the platform’s efforts to enhance user privacy. 

Messaging application Telegram downplayed the seriousness of an exploit that allowed researchers to access the camera systems of Apple macOS devices. The exploit was flagged by software engineer Dan Revah, who detailed the method in a blog post. By injecting a dynamic library into a user’s system, the exploit could grant access to the device’s camera and enable the recording and saving of the files. Revah also claimed that the exploit could bypass the terminal’s sandbox using a launch agent and gain additional system privileges. 

However, the spokesperson Remi Vaughn stated that Telegram users are not at risk by default, as the exploit requires malware to be installed on their systems. Vaughn attributed the issue to Apple’s permission security and the possibility of bypassing the sandbox restrictions meant to prevent abuse of third-party apps. The application made changes to address the exploit, and the updated version received approval from the Apple App Store. Users who downloaded Telegram directly from the app’s website were not affected. 

Telegram addresses the exploit

In a separate update, Telegram introduced a feature in December 2022 that allows users to create accounts using blockchain-based anonymous numbers to enhance privacy and security. This feature requires users to purchase blockchain-powered anonymous numbers from the decentralized auction platform Fragment. The usernames and anonymous numbers obtained from the platform are only compatible with Telegram. Telegram founder Pavel Durov also indicated in November 2022 that the platform would develop decentralized tools and services following the collapse of the FTX cryptocurrency exchange owned by Sam Bankman-Fried.

Additionally, the discovery of the exploit in Telegram highlights the ongoing challenge of balancing user privacy and security with the potential risks posed by vulnerabilities in software systems. While Telegram emphasized that its users were not at risk by default, the incident raises concerns about the overall security of messaging applications and the ability of attackers to exploit weaknesses in the underlying operating systems.

The response from Telegram, in addressing the exploit and working to make necessary changes, reflects the company’s commitment to maintaining the privacy and security of its users. By promptly implementing updates and obtaining approval from the Apple App Store, Telegram demonstrated its dedication to addressing potential vulnerabilities and protecting its user base.

The introduction of blockchain-based anonymous numbers as a feature in Telegram further showcases the platform’s efforts to enhance user privacy. By leveraging decentralized technology, Telegram aims to provide users with more control over their personal information and communication. This aligns with the growing trend of integrating blockchain and decentralized solutions to address concerns regarding data privacy and security.

As for Apple, the response from the company regarding the exploit is awaited. Given the gravity of the issue, it is likely that Apple will investigate the matter and take appropriate measures to address any vulnerabilities in its macOS operating system that may have enabled the exploit.

Overall, the incident serves as a reminder of the importance of regularly updating software, maintaining strong security measures, and being vigilant against potential vulnerabilities that could be exploited by malicious actors. It highlights the ongoing cat-and-mouse game between cybersecurity researchers and attackers, with companies like Telegram working to stay one step ahead to protect their users’ privacy and security.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

文章来源于互联网:Messaging giant Telegram’s security breach exposes Mac users’ cameras

Disclaimers:

1. You are solely responsible for your investment decisions and this info is not liable for any losses you may incur.

2. The copyright of this article belongs to the writer, it represents the writer's opinions only, not represents the site's ones. Not financial advice.

Previous 2023年5月18日 16:08
Next 2023年5月18日 17:01

Related articles

  • China’s new dawn? Central bank pitches reform roadmap

    TL;DR Breakdown China’s central bank adviser suggests macroeconomic tweaks aren’t sufficient to rekindle growth; holistic structural reforms are needed. Liu Shijin emphasizes demand-side reforms like equal public services for migrant workers and supply-side changes to boost entrepreneurship in emerging sectors. Amid concerns of dwindling investor confidence, there’s a call for Beijing to ideologically and politically recognize private businesses. Description China, the colossal economic powerhouse, might be at a critical crossroads. The nation’s central bank adviser suggests that simply fiddling with macroeconomic policies won’t reignite its growth. Instead, a holistic structural reform, celebrating entrepreneurship and innovation, is the route to reviving the economic giant’s lost momentum. A Shift in Economic Winds Gone are the days … Read more China, the colossal economic powerhouse, might be at a critical crossroads. The nation’s central bank adviser suggests that simply fiddling with macroeconomic policies won’t reignite its growth. Instead, a holistic structural reform, celebrating entrepreneurship and innovation, is the route to reviving the economic giant’s lost momentum. A Shift in Economic Winds Gone are the days when Beijing had vast avenues to play with…

    Article 2023年9月26日

  • Movie star warns about the challenges and controversies surrounding AI

    TL;DR Breakdown Action Movie Star Arnold Schwarzenegger has doubled down on the challenges and controversies surrounding AI. Analysts discuss ethical considerations in AI-generated content. Description The potential threat posed by artificial intelligence (AI) has long been a prominent theme in science fiction, captivating audiences through Hollywood blockbusters. However, iconic movie star Arnold Schwarzenegger recently emphasized that this threat is no longer confined to the realm of imagination but has become a real concern. During a panel discussion at the Academy … Read more The potential threat posed by artificial intelligence (AI) has long been a prominent theme in science fiction, captivating audiences through Hollywood blockbusters. However, iconic movie star Arnold Schwarzenegger recently emphasized that this threat is no longer confined to the realm of imagination but has become a real concern. During a panel discussion at the Academy Museum of Motion Pictures, the movie star referred to the “Terminator” film franchise’s Skynet network as a cautionary example of the potential dangers associated with the rapid development of AI. Movie star warns about the influx of AI In the “Terminator” series,…

    Article 2023年7月5日

  • Dogecoin records 2 million transactions surpassing Bitcoin and Ethereum in 24 hours

    TL;DR Breakdown Dogecoin’s transaction activity has soared, hitting over 2 million daily transactions on May 27, 2023, outperforming Bitcoin and Ethereum. The value of new DRC20 tokens, or “Doginals,” is hard to determine due to reliance on OTC trades and a lack of indexed structure. Dogecoin’s hashrate has also surged by over 38%, indicating increased network strength and security Dogecoin has registered an unexpected transaction activity surge, with analysts and investors scrambling for explanations. After introducing DRC20 tokens, the digital currency has been witnessing a stunning leap in its daily transactions, shaking the foundations of the crypto world. On May 27, 2023, this blockchain underdog exceeded all previous records, boasting an astonishing 2 million-plus transactions within 24 hours. This significant rise in activity dwarfs those of crypto giants Bitcoin and Ethereum, 400,000-532,000 and a million transactions, respectively. An event that has certainly turned heads in a sector dominated by more well-established coins. Dubbed “Doginals,” these DRC20 tokens are reminiscent of Bitcoin’s BRC20 tokens and have catalyzed Dogecoin’s transaction growth. Due to a lack of an indexed structure akin to BRC20…

    Article 2023年5月31日

  • From Ledger woes to secure solutions: 3 hardware wallet alternatives every crypto investor must know

    TL;DR Breakdown Ledger’s recent back door reports have raised concerns among crypto investors. It is crucial for investors to explore alternative hardware wallet options to safeguard their digital assets. When choosing a hardware wallet, it’s essential to consider factors such as security features, ease of use, compatibility with cryptocurrencies, and reputation within the crypto community. Hardware wallets provide an extra layer of security by keeping private keys offline, protecting them from potential hacks or malware attacks. A contentious new feature has been implemented on all Ledger hardware wallet devices. The announcement sparked a frenzy on Crypto Twitter since yesterday. The functionality in discussion is Ledger Recovery, an ID-based private key recovery service that would allow users to back up their private seed phrase directly to their personal identity via three distinct custodians. What’s more? The service will cost $9.99 per month. Contents hide 1 Ledger comes under crypto scrutny 2 1. Trezor: A trusted name in hardware wallets 2.1 Key Features of Trezor: 3 2. KeepKey: Simplicity meets security 3.1 Key features of KeepKey: 4 3. BitBox: Cutting-edge security features…

    Article 2023年5月18日

  • Jimbos protocol offers deal to attacker following exploit

    TL;DR Breakdown Jimbos protocol has offered a deal to the attacker that stole $7.5 million from its platform. The platform is working with security agencies to fish out the attacker. In a recent incident, the team behind the decentralized finance (DeFi) application Jimbos Protocol has taken a unique approach to deal with an exploiter who drained $7.5 million from its treasury-owned liquidity pool. The team has offered the attacker a proposition: return 90% of the funds and keep the remaining 10%, or face potential prosecution and legal consequences. Jimbos asked the attacker to take the deal or face prosecution On May 28, the Jimbos team posted a message on the Ethereum network, stating that if 90% of the funds were returned, the attacker would not be prosecuted. Seeking a response, they later issued a second message on the same day, setting a deadline of “tomorrow by 4 PM UTC” for the return of the funds. The team emphasized that failure to comply would result in their collaboration with law enforcement agencies. Following the expiration of the deadline, the team announced…

    Article 2023年6月3日
TOP