Microsoft has disclosed a high-severity vulnerability in the TikTok Android app that could have let an attacker take over an account by luring a user into clicking a link.
The bug is tracked as CVE-2022-28799. According to Microsoft, there is no evidence that the flaw has been exploited in the wild, even though the app has an estimated 1.5 billion downloads on the Play Store. Microsoft advises all TikTok users on Android to update to the latest version of the app, which includes the fix.
Using the techniques that were publicly disclosed, threat actors could have issued authenticated HTTP requests or accessed and modified the private information of TikTok users.
In essence, an attacker who successfully exploited this vulnerability could have:
- Retrieved a user's authentication tokens by triggering a request to a server under the attacker's control and logging the cookie and request headers.
TikTok version 23.7.3, which includes a patch for CVE-2022-28799, was released only about a month after Microsoft first reported the flaw.
With full access to a user's account, an attacker could modify profile information, send messages, upload videos, and even publish private videos.
TikTok has also fixed additional security vulnerabilities that could have let attackers steal users' personal details or take over their accounts to tamper with their videos.