Telegram app vuln recorded anything macOS users pasted—even in secret

(credit: amalthya)

A bug in the Telegram Messager app logged anything its users pasted into their chats in its syslog on macOS, even if they had opted for the end-to-end encrypted “secret” mode.

The vulnerability was spotted earlier this month by Russian infosec operative Kirill Firsov, who directly and publicly challenged Telegram’s flamboyant founder and chief Pavel Durov about the app’s latest security flaw.

In an angry reply, Durov admitted that the vuln existed, but insisted it “applies only to texts that were copy-pasted from clipboard, and such texts are open to all other Mac apps anyway.”

Read 8 remaining paragraphs | Comments