Security researcher and web developer Kirill Firsov has found out the dangerous bug in Telegram for Mac OS. Every pasted message is logged to syslog, even in secret chats. It was written on Firsov’s official page in Twitter.
According to Pavel Durov, the problem is related only to Telegram Messenger for Mac OS, but not Telegram Desktop. Durov has also noticed that AppStore applications are sandboxes and can only write to syslog, not read it.
Firsov suggests imagining the situation when your computer is withdrawn by the police. You’re sure the secret chats are deleted. But at the same time your private data can be found in syslog.
Telegram usually pays for finding bugs in its applications, but Kirill Firsov has not been paid as the situation is inappropriate for it. It was necessary for him to inform Telegram sending the email to [email protected]. But Firsov decided to spread the word firstly.
The developer of the application Mikhail Filimonov told him in private correspondence that it would be corrected in the near future.