A dangerous vulnerability in Telegram remotely activates the camera and microphone on macOS
A dangerous bug was discovered in Telegram that allows attackers to activate the camera and microphone on laptops with macOS. This was announced by Google engineer Dan Reva, writes Forbes.
He discovered a vulnerability in the Telegram app for macOS and was able to bypass the TCC by giving unauthorized access to the user’s sensitive data and recording the user through the camera.
For his part, cyber security specialist Matt Johansen explained that this bug allows attackers to record video with sound from the camera and save the file in a hidden folder on the Mac. At the same time, recording can be done even if the corresponding permissions are disabled. The expert believes that this is possible because Telegram does not use the built-in Apple Hardened Runtime security mechanism.
It is noteworthy that a Google engineer reported this vulnerability back in February of this year. But the developers still haven’t removed it.
At the same time, Telegram assures that remote access to cameras and microphones is possible only if malicious software with root access is installed on the Mac. This situation is also real when using Telegram for macOS, which is downloaded from the App Store and an update with a fix is pending.
“If you downloaded the program from our site, it will not affect you,” Telegram warned.
It was previously reported that Telegram for macOS received a new Power Saving Mode, which should reduce the power consumption of the application. The innovation is available in version Telegram 9.4.1.