computer Security

Telegram Self-destructing Audio and Video Files Not Deleted Files From Devices

Recently, Telegram has met with a security problem regarding video and audio. Here, the videos and audios were not being deleted from the user’s macOS devices as it was assumed.

We all know that Telegram gives the option to export videos with a “self-destruction” feature, through which it automatically gets deleted from the reception. The security expert has identified this flaw as CVE-2021-27204.

The experts asserted that in the case of Mac, the videos only remained hidden; in reality, it wasn’t deleted from the account. Telegram has 500 million active users, and all are suffering from a logical bug that exists in Telegram for macOS.

Technical Report

However, the experts have given a brief analysis on the technical report, initially, open Telegram for macOS and transfer recorded audio or video message in regular chat, here the application drops the sandbox path where the recorded message is saved in the “.mp4” file.

The security analyst, Dhiraj Mishra has transfered, an audio/video message in secret chat and he has noticed that the URI was not leaked, but the recorded audio/video message still gets stored in the path.

Passcode Saved in Plain Text

In the Secret Chat security issue, the security expert, Dhiraj Mishra has found that Telegram was collecting the user’s local passcodes so that it can unlock the app in plain text, and this flaw was identified as CVE-2021-27205.

But, the plaintext passcodes were collected in the Users/[username]/Library/Group Containers/ in the JSON file.

The security analyst, Dhiraj Mishra, has himself tested the vulnerability, and he proved that all messages were sent are still present in the memory after being deleted from the chat list.


Apart from this, Telegram apparently has saved the local passcode unencrypted in clear text under macOS. But, both the security gaps have affected version 7.3 of Telegram, but it was patched later in version 7.4.

Moreover, the computer scientist who has fixed the vulnerability has received a reward of 3000 euros from Telegram for fixing all the security holes. 

The second vulnerability was also discovered by Mishra, and this vulnerability saves the local passcode of the users so that they can unlock the app in cleartext.

But it was fixed in another Telegram version 7.4 for the Mac, and the experts who have fixed the vulnerability have also got a reward from Telegram.

You can follow us on LinkedinTwitterFacebook for daily Cyber security and hacking news updates.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Recent Posts

SSNDOB Marketplace Admin Jailed for Selling millions of Americans Data

In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…

11 hours ago

Is Your Online Store Hacked in a Carding Attack? Here’s an Action Plan to Protect

Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…

14 hours ago

Google Researchers Find Out How ChatGPT Queries Can Collect Personal Data

The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…

14 hours ago

New Android Malware Employs Various Tactics to Deceive Malware Analyst

In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…

16 hours ago

DJvu Ransomware Mimic as Cracked Software to Compromise Computers

A recent campaign has been observed to be delivering DJvu ransomware through a loader that…

17 hours ago

Okta Hack: Threat Actors Downloaded all Customer Support System Users’ Data

In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…

18 hours ago