
A ‘high severity’ TikTok vulnerability allowed one-click account hijacking

by Globe NewsWire
August 31, 2022
in Technology


A vulnerability in the TikTok app for Android could have let attackers take over any account that clicked on a malicious link, potentially affecting hundreds of millions of users of the platform.

Details of the one-click exploit were revealed today in a blog post from researchers on Microsoft’s 365 Defender Research Team. The vulnerability was disclosed to TikTok by Microsoft, and has since been patched.

The bug and its resulting attack, labelled a “high severity vulnerability,” could have been used to hijack the account of any TikTok user on Android without their knowledge, once they clicked on a specially crafted link. After the link was clicked, the attacker would have access to all primary functions of the account, including the ability to upload and post videos, send messages to other users, and view private videos stored in the account.

The potential impact was huge, as it affected all global variants of the Android TikTok app, which has a total of more than 1.5 billion downloads on the Google Play Store. However, there’s no evidence it was exploited at scale. Researchers involved with the discovery and disclosure praised TikTok for a quick response.

“We gave them information about the vulnerability and collaborated to help fix this issue,” Tanmay Ganacharya, partner director for security research at Microsoft Defender for Endpoint, told The Verge. “TikTok responded quickly, and we commend the efficient and professional resolution from the security team.”

According to details published in the blog post, the vulnerability affected the deep link functionality of the Android app. This deep link handling tells the operating system to let certain apps process links in a specific way, such as opening the Twitter app to follow a user after clicking an HTML “Follow this account” button embedded in a webpage.

This link handling also includes a verification process that should restrict the actions performed when an application loads a given link. But the researchers found a way to bypass this verification process and execute a number of potentially weaponizable functions within the app.

One of these functions let them retrieve an authentication token tied to a certain user account, effectively granting account access without the need to enter a password. In a proof-of-concept attack, the researchers crafted a malicious link that, when clicked, changed a TikTok account’s bio to read “SECURITY BREACH.”

A screenshot of a compromised account.
Microsoft

Fortunately, the vulnerability was detected, and Microsoft has used the opportunity to stress the importance of collaboration and coordination between technology platforms and vendors.

“As threats across platforms continue to grow in numbers and sophistication, vulnerability disclosures, coordinated response, and other forms of threat intelligence sharing are needed to help secure users’ computing experience, regardless of the platform or device in use,” wrote Microsoft’s Dimitrios Valsamaras in the blog post. “We will continue to work with the larger security community to share research and intelligence about threats in the effort to build better protection for all.”

Though the TikTok app isn’t known to have suffered any major hacks so far, some critics have branded it a security risk for other reasons.

Recently, concerns have been raised over the extent to which US users’ data can be accessed by China-based engineers at ByteDance, TikTok’s parent company. In July, Senate Intelligence Committee leaders called on FTC chair Lina Khan to investigate TikTok after reports brought into question claims that US users’ data was walled off from the Chinese branch of the company.

TikTok had not responded to questions from The Verge by time of publication.


