![]() The injected Dylib makes the code run even before the Telegram app starts, giving it full access to certain features, including the camera. The researcher discovered that due to a lack of ‘Hardened Runtime’ on Telegram’s macOS app, it is possible to inject a malicious Dynamic Library (Dylib) on it using the ‘DYLD_INSERT_LIBRARIES’ variable. ![]() Telegram is one of those applications requiring access to the computer’s camera and microphone to accommodate the user’s communication needs, like video calls. ![]() Normally, Apple’s Transparency, Consent, and Control (TCC) mechanism manages access to protected areas and hardware such as the camera and microphone, and even administrators do not have access to them unless an application is granted that access. A Google security engineer has revealed that the Telegram application on macOS suffers from a vulnerability that could be exploited to gain unauthorized access to the device’s camera.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |