Apple users of the Messenger Telegram were affected by a security vulnerability. This was in the secret chats offered by Telegram. In contrast to WhatsApp, Threema or Signal, conversations with Telegram are not end-to-end encrypted by default. This is only the case in the so-called secret chats. As an additional feature, Telegram also offers for these conversations to delete messages from the recipient after a timer set by the sender has expired. But that’s exactly where it got stuck, at least on the Mac.
Self-destructive messages did not self-destruct
A loophole that existed in the handling of conventional chats in Telegram on the Mac meant that secret conversations also had a security problem, as security researcher Dhiraj Mishra has proven. Self-destructing messages were not deleted after the timer set by the user had expired. Instead, the corresponding files remained on the recipient’s Mac.
Dhiraj Mishra demonstrated the problem in a video. The good news: The vulnerability has now been fixed.
The latest version of Telegram for Mac is no longer prone to this problem. All the details about the gap can be found in one corresponding blog post. Its discoverer received the equivalent of 3,000 euros for reporting the problem.
