Google engineer Dan Reva discovered a dangerous vulnerability in the version of Telegram messenger for macOS that activates the camera and microphone without the knowledge of the owner of the device. Portal reports Game Assistant.
The vulnerability allows an attacker to inject a malware-containing dynamic library (Dylib) inside Telegram for macOS. This allows the hacker to record video from the camera and save the recording in a hidden folder. The reason for this exploit is that the messenger does not use Apple’s built-in security mechanisms called Hardened Runtime and Authorizations.
It is stated that part of the blame for the existence of this vulnerability lies with Apple, as the company does not require the Hardened Runtime to be mandatory in macOS applications, but it is mandatory for iOS programs. Reva reported the current issue to Telegram management in February 2023, but still has not received a response.
Formerly socialbites.ca we talked about itthat you need to update your Google Chrome browser on time to protect your personal data.