Pavel Durov, the founder of Telegram, refuted the findings of a Google specialist who earlier this week reported on a potential vulnerability in Telegram for macOS. According to Durov, there is no vulnerability in the application, and the media are chasing high-profile headlines.
Reva, an engineer at Google, spoke about the problem, which received the identifier CVE-2023-26818, at the beginning of this week. He explained that the bug could allow malicious actors to implement a dynamic library in Telegram for macOS, implement local privilege escalation and access the camera and microphone through permissions that were previously set in Telegram.
Durov clarified that the issue was only relevant for Apple devices already infected with malware with root access, and was also present only in the version of Telegram downloaded from the AppStore. He also noted that the patch is already under consideration by Apple, which means that the version in the AppStore will soon be fixed.
In conclusion, Durov emphasized that there was no vulnerability in Telegram for macOS, and the media were only chasing high-profile headlines.
