Microsoft Identifies TikTok Vulnerability Allowing One-Click Account Hijacking

admin, September 19, 2022 | TikTok Security





by Laurie Sullivan, Staff Writer @lauriesullivan, August 31, 2022

Microsoft’s security team has found a vulnerability in the TikTok Android app.


The 365 Defender Research Team on Wednesday explained in a post how the one-click exploit could have allowed hackers to hijack millions of accounts.


“The vulnerability, which would have required several issues to be chained together to exploit, has been fixed and we did not locate any evidence of in-the-wild exploitation,” the company wrote in a blog post. “Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link.”


Attackers could have accessed and modified users’ TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users, the company said.


Microsoft’s security team explains in the post that the vulnerability involved an oversight with TikTok’s deep-linking function.


The vulnerability allowed hackers to bypass the app’s deep-link verification function. Attackers could force the app to load an arbitrary URL into the app’s WebView, where the loaded page could then access the WebView’s attached JavaScript bridges, granting their functionality to attackers.


Most marketers know, but for those who don’t, a deeplink is a hyperlink that links to a specific component in a mobile app and consists of a scheme and, usually, a host, Microsoft explains. When a deeplink is clicked, the Android package manager queries all the installed applications to see which one can handle the deeplink and then routes it to the handler of that link.
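To make the deep-link verification step concrete, here is an added example (not code from Microsoft's post or from TikTok) of the kind of check an app can run on a URL received through a deep link before loading it into a WebView that exposes JavaScript bridges. The class name, the allowlisted hosts and the sample URLs are assumptions made up for illustration; on Android the same check would sit immediately before the call to `WebView.loadUrl`.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class DeepLinkUrlCheck {
    // Hypothetical allowlist: the only hosts whose pages may reach the JavaScript bridge.
    private static final Set<String> TRUSTED_HOSTS = Set.of("app.example.com", "help.example.com");

    /** True only if a URL taken from a deep link may be loaded into the bridged WebView. */
    static boolean isTrusted(String raw) {
        if (raw == null) return false;
        final URI uri;
        try {
            uri = new URI(raw);
        } catch (URISyntaxException e) {
            return false; // reject unparseable input instead of trying to repair it
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) return false; // no http:, file:, javascript:
        if (uri.getRawUserInfo() != null) return false; // "trusted-host@other-host" confusion
        if (uri.getPort() != -1 && uri.getPort() != 443) return false;
        String host = uri.getHost(); // null for opaque or malformed authorities
        if (host == null) return false;
        // Exact match on the parsed host: no substring, prefix or suffix comparison.
        return TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample inputs, as they might arrive in a deep link's URL parameter.
        String[] samples = {
            "https://app.example.com/profile",
            "http://app.example.com/profile",
            "https://app.example.com.untrusted.test/",
            "https://app.example.com@untrusted.test/",
            "https://untrusted.test/?next=app.example.com",
            "file:///sdcard/page.html",
        };
        for (String s : samples) {
            // Load exactly the string that was validated; re-parsing it elsewhere can disagree.
            System.out.println((isTrusted(s) ? "LOAD    " : "REJECT  ") + s);
        }
    }
}
```

Only the first sample is accepted; the others fail on scheme, host or userinfo even though each contains the trusted hostname somewhere in the string.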


“Performing a vulnerability assessment of TikTok, we determined that the issues were affecting both flavors of the app for Android, which have over 1.5 billion installations combined via the Google Play Store,” Microsoft said. 


Microsoft’s team informed TikTok in February. TikTok quickly responded by releasing a fix to address the reported vulnerability.



 

MediaPost.com: Search & Performance Marketing Daily
