📱 2022-09-06 06:13:05 – Paris/France.
Don't panic, it has long since been fixed, but Android users should really think twice before clicking on links in the TikTok app after security flaws were discovered that made it ridiculously easy to steal other users' accounts with a simple link. Although this has been resolved for now, it is still a good idea not to click on unknown links. And with such a simple feat, it's a good reminder to always be vigilant out there.
According to BleepingComputer, Microsoft reported the flaw to TikTok in February, but given the potential severity, it's not too surprising we haven't heard about it until now. With a well-crafted malicious link, more than 70 JavaScript methods could be used to access the app's WebView, which is only used by the Android app.
From there, those with malicious intent can wreak all kinds of havoc on users' accounts. They can edit and view almost any data, including profile settings and private videos. Due to the ability to make authenticated requests through the webview, it's by no means an exaggeration to say that they could completely take over the account.
"Attackers could have exploited the vulnerability to hijack an account without users' knowledge if a targeted user had simply clicked on a specially crafted link," said Dimitrios Valsamaras of the Microsoft 365 Defender research team, adding: "Attackers may have then accessed and modified TikTok profiles and sensitive information of users, for example by posting private videos, sending messages and uploading videos on behalf of users."
The surprising but good news is that the flaw doesn't appear to have actually been exploited while it was active, which is likely exactly why it was kept secret until patched. And it looks like TikTok fixed the problem, in between trying to access games.
Microsoft's investigations found no evidence of an attack using the link exploits, so hopefully it wasn't discovered by bad actors at the time. Although given TikTok's young audience, it might just be that not clicking on weird links online has finally become common sense.
TikTok, like all apps, is by no means a perfect example of security and it's always wise to keep an open mind on the internet. Keep not clicking on those links while you enjoy your crazy dancing, angry emus, and huskies singing with saxophones.
SOURCE: Reviews News