Telegram for MacOS writes secret messages into syslog

Telegram for MacOS writes secret messages into syslog

Russian security researcher Kirill Isis Firsov discovered vulnerability in a popular secure messaging program Telegram for MacOS. According to researcher’s tweet, the application logs all pasted into Telegram messages into syslog. This includes messages, pasted into secret chats.

This vulnerability may allow a local attacker to read all pasted texts, which were sent using Telegram. Vulnerability is confirmed by developer in the latest version of Telegram Messenger for Mac. Telegram Desktop is not vulnerable.

Syslog cannot be read by regular applications, installed from AppStore. However if there is malware on your device, it can elevate privileges and read those secret texts. And since this “feature” of Telegram was not documented anywhere, you cannot know that copies of all pasted texts are in syslog and can be accessible by unauthorized parties.

The developer of Telegram Mikhail Philiminov promised to the researcher, that this bug will be fixed in the next version of Telegram. On the meantime, we suggest cleaning your syslog files.

Back to the list

Latest Posts

Hackers exploit Discord invite system to spread info-stealers and RATs

Hackers exploit Discord invite system to spread info-stealers and RATs

The attackers hijacked expired or deleted vanity invite links on Discord, redirecting users to malicious servers.
16 June 2025
One of longest-running drug marketplaces Archetyp Market shut down in global police op

One of longest-running drug marketplaces Archetyp Market shut down in global police op

The 30-year-old alleged administrator, a German national, was arrested in Spain.
16 June 2025
Anubis ransomware adds destructive wiper module to its malware arsenal

Anubis ransomware adds destructive wiper module to its malware arsenal

The wiper is triggered by a command-line parameter labeled /WIPEMODE, which requires key-based authentication to activate.
16 June 2025