A flaw in the TikTok app for Android allowed accounts to be hijacked with a malicious link. Anyone who clicked the link could give attackers permission to post videos, send messages and edit profile details. Hundreds of millions of social network users may have been affected.

Researchers from the Microsoft 365 Defender team detailed the vulnerability on Wednesday, classifying it as “high severity.” They informed TikTok, which quickly fixed the problem. Fortunately, there is no evidence that the bug has been exploited.

Social network spokesperson Maureen Shanahan stressed that the issue was quickly discovered thanks to the partnership with Microsoft security officials. “We thank the Microsoft researchers for their efforts to help identify potential problems so we can resolve them.”

The vulnerability's potential impact was large because it affected all variants of the app on the Android platform. In the Google Play Store, the social network has more than 1.5 billion downloads.

How the flaw worked

Microsoft security researchers explained that the vulnerability affected the deep link functionality within the application. Normally, a verification process restricts the actions taken when the application loads a link.

In the case of the TikTok bug, the researchers found that this process could be bypassed to perform functions on the platform. One of those functions allowed the retrieval of an authentication token tied to a user’s account.

Thus, access to the profile was provided without the need for a password. While testing the attack, the researchers created a malicious link. When accessed, it changed the account bio to “Security Breach”.
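The kind of verification step described above, as an added example that is not TikTok's or Microsoft's code: a strict check an Android app could run on an incoming deep link before acting on it. The class name, the allowlisted hosts and the sample links are all assumptions constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class DeepLinkGuard {
    // Hypothetical allowlist: a real app would list its own first-party hosts.
    private static final Set<String> TRUSTED_HOSTS =
            Set.of("www.example.com", "m.example.com");

    /** Returns true only if the link is safe to hand to privileged in-app code. */
    static boolean isTrusted(String link) {
        if (link == null) return false;
        // Reject whitespace, control characters and backslashes, which
        // different URL parsers interpret differently.
        for (char c : link.toCharArray()) {
            if (c <= 0x20 || c == 0x7f || c == '\\') return false;
        }
        final URI uri;
        try {
            uri = new URI(link).normalize();
        } catch (URISyntaxException e) {
            return false; // unparseable input is never trusted
        }
        // Only https; this also rejects javascript:, file:, intent: and custom schemes.
        if (!"https".equalsIgnoreCase(uri.getScheme())) return false;
        // "https://trusted@other-host/" puts the trusted name in user-info.
        if (uri.getRawUserInfo() != null) return false;
        String host = uri.getHost(); // null when the authority is not a plain server host
        if (host == null) return false;
        int port = uri.getPort();
        if (port != -1 && port != 443) return false;
        // Exact match, not endsWith/contains, so look-alike hosts fail.
        return TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        String[] samples = { // constructed sample links
            "https://www.example.com/profile",
            "https://www.example.com.example.net/profile",
            "https://www.example.com@example.net/profile",
            "http://www.example.com/profile",
            "javascript:void(0)"
        };
        for (String s : samples) {
            System.out.println((isTrusted(s) ? "ALLOW " : "BLOCK ") + s);
        }
    }
}
```

A check like this only decides whether a link is trusted; which in-app functions a trusted link may reach still has to be restricted separately.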

Source: Tec Mundo
