An X user (Twitter handle: @LizaFlux) shared a new vulnerability found in Telegram for Windows.

Arbitrary code execution may occur while files are being downloaded automatically. As an example, they demonstrated opening the calculator, but the code could be anything, including malicious code.

The only workaround at the moment is to disable automatic downloading:

  1. Open Telegram Settings
  2. Go to the Advanced Settings section
  3. In the Media Auto-Download category, turn off all toggles next to photos, videos, and files. This needs to be done for both mobile data and Wi-Fi.

That’s it: you are protected from the vulnerability until Telegram fixes it.