Russian independent security researcher Kirill Firsov discovered the Telegram application for Mac OS logs every pasted message to syslog, even when users opt for end-to-end encryption in “secret” mode.
On July 23, researcher Firsov tweeted Telegram Founder and CEO Pavel Durov about the security flaw to which Durov acknowledged the flaw but dismissed it as a “minor bug.”
Durov said in a tweet that the flaw only applies to texts that were copy-pasted from clipboard and that such texts are open to all other Mac apps anyway.
“AppStore apps can NOT access syslog (starting 10.12 also true for unsigned apps). But ANY app can read your clipboard,” Durov added.
The Telegram exec promised to patch the flaw and on July 25 tweeted the flaw was fixed within minutes of learning about it.
The security flaw doesn’t affect Telegram’s Android or desktop apps.