Microsoft researchers found a critical vulnerability in TikTok that threatened the safety of user accounts. Specifically, they discovered an account hijacking vulnerability within the TikTok Android app.
TikTok App Account Hijacking Vulnerability
As elaborated in a recent blog post, Microsoft’s research team analyzed the TikTok Android app and found an account hijacking vulnerability. The researchers explained that they examined both TikTok app “flavors” – com.ss.android.ugc.trill (for East and Southeast Asia) and com.zhiliaoapp.musically (for other regions) – and saw that the vulnerability affected both versions.
The resulting exposure of Java methods to the attacker allowed hijacking of the target TikTok account via WebView.
In a real-world scenario, an attacker exploiting this vulnerability could retrieve the target user’s authentication tokens, access account information, modify account details, and even access private videos.
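The exposure described above comes from a general Android pattern: any Java object attached to a WebView with addJavascriptInterface is callable by whatever page the WebView loads, so loading a URL the app does not fully trust hands those methods to that page. The following Android snippet is an added illustration and is not TikTok’s code or Microsoft’s proof of concept; the bridge class, host allowlist and method names are assumed for the example. It shows the unchecked loader next to a hardened one that only attaches the bridge for allowlisted https origins.

```java
// Added illustration (not TikTok's code): a WebView JavaScript bridge exposes its
// @JavascriptInterface methods to the loaded page, so the URL must be trusted
// before the bridge is attached. All names and hosts below are assumed.
package example.webview;

import android.webkit.JavascriptInterface;
import android.webkit.WebView;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class BridgedWebView {

    /** Bridge object: on API 17+ only @JavascriptInterface methods are reachable from page JS. */
    static class AccountBridge {
        private final String authToken;            // stands in for a session token

        AccountBridge(String authToken) { this.authToken = authToken; }

        @JavascriptInterface
        public String getAuthToken() {            // reachable as window.Account.getAuthToken()
            return authToken;
        }
    }

    // Hosts allowed to reach the bridge (assumed values for illustration).
    private static final Set<String> TRUSTED_HOSTS = new HashSet<>(Arrays.asList(
            "www.example.com", "m.example.com"));

    /**
     * Decide whether a URL may be loaded into a WebView that carries the bridge.
     * Uses java.net.URI rather than android.net.Uri so it can be unit-tested on a plain JVM.
     */
    public static boolean isTrustedUrl(String url) {
        URI uri;
        try {
            uri = new URI(url);
        } catch (URISyntaxException e) {
            return false;                         // unparseable input is not trusted
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) return false;
        String host = uri.getHost();
        if (host == null) return false;
        // Exact host match: endsWith("example.com") would also accept evil-example.com.
        return TRUSTED_HOSTS.contains(host.toLowerCase());
    }

    /** Vulnerable pattern: the bridge is attached and whatever URL arrives is loaded. */
    public static void loadUnchecked(WebView webView, String url, String token) {
        webView.getSettings().setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new AccountBridge(token), "Account");
        webView.loadUrl(url);   // an untrusted page can now call Account.getAuthToken()
    }

    /** Hardened pattern: the bridge is only attached for allowlisted https origins. */
    public static boolean loadChecked(WebView webView, String url, String token) {
        if (!isTrustedUrl(url)) {
            return false;       // caller logs the rejected URL and loads nothing
        }
        webView.getSettings().setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new AccountBridge(token), "Account");
        webView.loadUrl(url);
        return true;
    }
}
```

Two points of the design are worth checking in any app review: the allowlist compares the full host exactly rather than with a suffix match, and the check runs before addJavascriptInterface, not after loadUrl, since the page can call the bridge as soon as it executes. On devices below API 17 every public method of the bridge object was exposed regardless of the annotation, so targeting API 17 or later is part of the mitigation.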
The researchers have shared the technical details and the proof of concept for this attack in their post.
TikTok Patched The Flaw
Following this discovery, the researchers contacted the TikTok team to report the matter. This security issue has received the identifier CVE-2022-28799 and a severity score of 8.3. According to the bug description in a HackerOne report, TikTok has since patched the vulnerability and released the fix with TikTok for Android version 23.7.3. TikTok has released numerous subsequent updates to the app.