• More than one billion TikTok users exposed to 'one-click account

    From TechnologyDaily@1337:1/100 to All on Thu Sep 1 22:15:05 2022
    More than one billion TikTok users exposed to 'one-click account hijacking'

    Date:
    Thu, 01 Sep 2022 20:56:00 +0000

    Description:
    A vulnerability in TikTok for Android put users at risk of account hijacking.

    FULL STORY ======================================================================

    A high-severity vulnerability in the TikTok Android application could have allowed accounts to be hijacked with a single click, Microsoft has revealed.

    In a paper published to the Microsoft Security blog, the company reported that a chain of issues could have been abused to create a scenario whereby an account could be compromised with a single press of a specially crafted link.

    Attackers could then have accessed and modified users' TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users, explained Microsoft.

    TikTok security bug

    The vulnerability in question is said to have been present in all versions of the TikTok Android client, which have collectively been installed more than 1.5 billion times.

    The issue revolved around the app's implementation of JavaScript interfaces, which are used extensively across TikTok for Android. The report dives into the technical nitty-gritty but, in essence, by exploiting the app's handling of JavaScript interfaces, in combination with the way Android routes URLs, Microsoft was able to demonstrate an account compromise.

    Mercifully, the researchers did not discover any evidence the vulnerability was exploited in the wild - and the issue was patched shortly after it was disclosed back in February. According to Microsoft, the TikTok security team should be commended for the swiftness and efficiency of its response.

    "This case displays how the ability to coordinate research and threat intelligence sharing via expert, cross-industry collaboration is necessary to effectively mitigate issues," said Dimitrios Valsamaras, of the Microsoft 365 Defender Research Team.

    "As threats across platforms continue to grow in numbers and sophistication, vulnerability disclosures, coordinated response, and other forms of threat intelligence sharing are needed to help secure users' computing experience, regardless of the platform or device in use."

    Although the patch will already have made its way to the majority of TikTok-ers, concerned users can guarantee they are protected by updating their app to the latest version.



    ======================================================================
    Link to news story: https://www.techradar.com/news/more-than-one-billion-tiktok-users-exposed-to-one-click-account-hijacking/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)