The “new” critical vulnerability reportedly allows attackers to interfere with the management of user accounts and channels. According to the Russian newspaper Gazeta.ru, several people have already been hacked with his help.

The danger is exaggerated

The material quotes the head of the analytical company T. Hunter Igor Bederov. However, it was a little late. About a year.

The desktop version of Telegram has a vulnerability that allows injected third-party code to be launched when you follow the link.
– As proof, he said he shared a link to last year’s study that described the problem of many apps due to receiving non-standard URLs.

• The described error was typical for the Desktop version of the messenger. “sftp://”, “file://” and similar URL protocols are related to application handling.
• Such links can really contain anything, including malware.
• But in fact the problem is not Telegram specifically, but in general any program that supports such links.

The danger of the problem is exaggerated for several reasons:

• Telegram has long been fixed on the server side. Currently sftp:// links do not work and remain plain text.
• By default, Windows cannot even handle the “sftp://” protocol. To open such a connection, the user must have the appropriate software such as WinSCP.
• If the user clicks on such a link, the system will warn him that he will receive packets from an unknown server, which could be anything. Only after confirming the user can attackers use malicious code.

Therefore, we cannot talk about Telegram’s vulnerability today. Messenger no longer handles private connections. Therefore, the user will have to copy it and decide on the permission to process it with special programs. Remember to stay safe on the internet and not open links or files from strangers.

Meanwhile, similar code execution issues were found for one-click on Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin wallets, Wireshark, and Mumble.