TikTok bug allows hackers to take over accounts with just one click

Tram Ho

The Microsoft 365 Defender Research team reports that an annoying bug has been found in the TikTok application for the Android operating system. Fortunately, the “critical” bug, labeled CVE-2022-28799, has now been fixed.

TikTok bug could affect millions of users

Microsoft’s cybersecurity research team described the bug as a one-click exploit. Cybercriminals could take advantage of the security hole by fooling TikTok users with a “specially crafted link”.

With just one click, bad actors can instantly access other people’s TikTok accounts, which means they can see sensitive user information. Attackers can also make private videos public, send messages, and upload videos on behalf of TikTok account holders.

A representative of the Microsoft 365 Defender research team said: “The vulnerability allowed the application to bypass deep link verification. Attackers could force the application to load an arbitrary URL into the application’s WebView, then allow the URL to access the WebView’s attached JavaScript bridges and give the functionality to the attackers”.
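
A defender-side sketch of the control the quote describes as bypassed: checking a deep link's target before it is loaded into a WebView that has JavaScript bridges attached. This is an added example, not TikTok's or Microsoft's code; the `exampleapp://webview?url=` link shape, the host names and the function names are assumptions, and it uses JavaScript's WHATWG `URL` parser, which follows the parsing rules a browser engine applies.

```javascript
// Added example (not TikTok's code). The deep-link shape
// "exampleapp://webview?url=<target>" and every host name are constructed.
const DEEP_LINK_SCHEME = "exampleapp:";
const TRUSTED_HOSTS = new Set(["app.example", "www.app.example"]);

// Validate the URL a deep link asks the in-app WebView to open.
function checkTarget(raw) {
  let u;
  try {
    u = new URL(raw); // WHATWG parsing, the rules a browser engine applies
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (u.protocol !== "https:") return { ok: false, reason: "scheme" };
  if (u.username || u.password) return { ok: false, reason: "userinfo" };
  if (u.port !== "") return { ok: false, reason: "port" };
  // Exact match on the parsed host, never a substring test on the raw string.
  if (!TRUSTED_HOSTS.has(u.hostname)) return { ok: false, reason: "host" };
  return { ok: true, url: u.href };
}

// Decide what to do with an incoming deep link. Bridges are attached only
// when the target passed checkTarget; everything else is rejected.
function routeDeepLink(link) {
  let dl;
  try {
    dl = new URL(link);
  } catch {
    return { action: "reject", reason: "unparseable" };
  }
  if (dl.protocol !== DEEP_LINK_SCHEME || dl.hostname !== "webview") {
    return { action: "reject", reason: "not-a-webview-link" };
  }
  // Exactly one target parameter: duplicates let two parsers pick different values.
  const targets = dl.searchParams.getAll("url");
  if (targets.length !== 1) return { action: "reject", reason: "param-count" };
  const res = checkTarget(targets[0]);
  return res.ok
    ? { action: "load-with-bridge", url: res.url }
    : { action: "reject", reason: res.reason };
}
```

The point of parsing first and comparing the parsed host exactly is that the validator and the WebView then agree on which origin the URL names; an Android app would apply the equivalent check in its own code before handing the URL to the WebView.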

Microsoft’s cybersecurity team added that TikTok has two variants based on the Android operating system: One for Southeast Asia and one for the rest of the world. The team analyzed both and discovered that the vulnerability affects “both versions of the application”. Collectively, they have over 1.5 billion installs through the “Google Play Store”.

Fortunately, to allay some users’ concerns, “there is no evidence that it has been taken advantage of by bad actors,” a TikTok spokesperson told The Verge.

As mentioned, TikTok has patched the security hole; the Microsoft 365 Defender team commended the quick resolution of the issue. “We commend the efficient and professional workaround from the TikTok security team,” the blog post reads. Although the exploit has been fixed, it is important that you use the latest version of TikTok to make sure you’re using the most secure version of the app.

According to Laptopmag

Source: Genk