Telegram is once again in the spotlight. And not because of updates.
Information has emerged about a critical vulnerability with a CVSS rating of 9.8. This is almost the maximum. This means that theoretically, an attack is possible remotely, without a password and even without user involvement.
It sounds like a plot for a movie. But it’s not very funny anymore.
There’s a catch - such cases often look scarier on paper than in real life. I cannot confirm that this vulnerability is already being exploited or that it is as easy to exploit as described.
But the mere fact of its existence in ZDI means that the issue is potentially serious.
Developers have 120 days to fix it. After that, the details may become public. And that’s when the real fun begins - if the patch is not ready.
For the crypto community, this is a separate level of risk. Telegram is not just a messenger. It is infrastructure. Chats, signals, bots, wallets, accesses. This is $TON
And when such a platform receives a “critical” label, it is no longer a technical news item. It is a matter of asset security.
No panic. But also no illusions.
Sometimes the biggest vulnerability is the habit of trusting a tool that seemed safe.
If you want to see such risks before they become a problem - subscribe to @MoonMan567
