If you use Telegram on Mac, you should upgrade to its latest version (7.4) as the company fixed two critical bugs that could affect your privacy. These vulnerabilities included storing self-destructing messages locally even after they are deleted and saving the app’s passcode in plaintext.
Security researcher Dhiraj Mishra found these bugs in Telegram’s stable macOS client (version 7.3) and reported them to the firm in December. Telegram patched them in the latest release of the app that was rolled out in January.
Telegram allows you to send self-destructing messages in a secret chat. Ideally, the app should delete text, image, audio, or video that you sent after the specified time in this mode. However, Mishra found that because of a bug, media files were still present in the local system of the receiver, even after they were deleted from the desktop client. To be clear, the file is stored on both ends if the sender and receiver are using the macOS app.
The app also allows you to lock it through a passcode, so other users on the system can’t see your messages. However, Mishra found that Telegram was storing this code in plain text in a local file. So, there was a danger of someone accessing that file and unlocking the app.
Get the TNW newsletter
Get the most important tech news in your inbox each week.