Compliance Management, Privacy, Vulnerability Management

Telegram for Mac OS records everything pasted into app

Share

Russian independent security researcher Kirill Firsov discovered the Telegram application for Mac OS logs every pasted message to syslog, even when users opt for end-to-end encryption in “secret” mode.

On July 23, researcher Firsov tweeted Telegram Founder and CEO Pavel Durov about the security flaw to which Durov acknowledged the flaw but dismissed it as a “minor bug.”

Durov said in a tweet that the flaw only applies to texts that were copy-pasted from clipboard and that such texts are open to all other Mac apps anyway.

"AppStore apps can NOT access syslog (starting 10.12 also true for unsigned apps). But ANY app can read your clipboard," Durov added.

The Telegram exec promised to patch the flaw and on July 25 tweeted the flaw was fixed within minutes of learning about it.

The security flaw doesn't affect Telegram's Android or desktop apps.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.