The Android Version For TikTok Has A Security Flaw According To Microsoft

Noah Gravel, 01 Sep 2022

Microsoft announced on Wednesday that it has recently discovered a flaw in TikTok’s Android app that may allow attackers to take control of users’ accounts with the simple click of a single malicious link.

Microsoft conducted a vulnerability evaluation of TikTok and found that the problems were present in both Android versions of the app, which had amassed over 1.5 billion downloads through the Google Play Store. As part of its responsible disclosure policy, a Microsoft security researcher informed TikTok of the flaws in February 2022 through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).

TikTok swiftly replied by providing a fix to address the reported vulnerability, which is now known as CVE-2022-28799; users can consult the CVE entry for additional details. The software developer said that TikTok was informed of the bug in February and that the Chinese social media platform had since patched it.

The flaw lay in the app’s verification of so-called deeplinks, which are hyperlinks used exclusively by Android devices to access particular parts of mobile apps. For example, when someone clicks on a TikTok link in a browser, the content is automatically launched in the TikTok app. Deeplinks must be defined in an app’s manifest for use outside of the app.

A URL domain’s validity can also be cryptographically verified by an app. For instance, TikTok for Android declares the domain m.tiktok.com. Typically, the TikTok app will permit WebView to load material from tiktok.com but prevent WebView from loading content from other sites.
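The domain restriction described above comes down to a host check made before a URL is handed to the WebView. As an added illustration (not code from TikTok or from Microsoft's report, and not a reconstruction of the actual bypass, which this article does not detail), the Java example below contrasts a substring check with a strict allowlist on the parsed URL. The class name, the `www.tiktok.com` entry and the sample URLs are assumptions constructed for the example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class WebViewUrlGate {
    // Hosts allowed to load with the JavaScript bridge attached.
    // m.tiktok.com comes from the article; www.tiktok.com is an assumption.
    private static final Set<String> TRUSTED_HOSTS =
            Set.of("m.tiktok.com", "www.tiktok.com");

    // Weak form: matches text anywhere in the raw string, so the trusted
    // name can sit in a query string, a subdomain label or the userinfo.
    static boolean weakCheck(String url) {
        return url.contains("tiktok.com");
    }

    // Strict form: parse first, then require https, no userinfo and an
    // exact host match. Anything that fails to parse is rejected.
    static boolean strictCheck(String url) {
        try {
            URI u = new URI(url);
            if (!"https".equalsIgnoreCase(u.getScheme())) return false;
            if (u.getRawUserInfo() != null) return false;
            String host = u.getHost();   // null for opaque or malformed URIs
            return host != null
                    && TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        } catch (URISyntaxException e) {
            return false;                // fail closed
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; attacker.example is a reserved test domain.
        List<String> samples = List.of(
                "https://m.tiktok.com/v/123",
                "https://www.attacker.example/poc",
                "https://www.attacker.example/poc?ref=tiktok.com",
                "https://tiktok.com.attacker.example/",
                "https://m.tiktok.com@www.attacker.example/",
                "http://m.tiktok.com/v/123");
        for (String s : samples) {
            System.out.printf("%-50s weak=%-5b strict=%b%n",
                    s, weakCheck(s), strictCheck(s));
        }
    }
}
```

On a real device the same decision would be made on the parsed URL immediately before the WebView load call, and the JavaScript bridge would be attached only to views that are restricted to the allowlisted hosts.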

“The vulnerability allowed the app’s deeplink verification to be bypassed. Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers.”

Researchers

The researchers then produced a proof-of-concept exploit that carried out that exact action. It entailed delivering a malicious link to a specific TikTok user; when the user clicked on it, the link downloaded the authentication tokens needed by TikTok servers for users to verify their account ownership. Additionally, the PoC link modified the targeted user’s bio to read “!! SECURITY BREACH!!”

The attacker’s server, https://www.attacker[.]com/poc, is given full access to the JavaScript bridge and can activate any accessible functionality once the targeted TikTok user clicks the attacker’s specially designed malicious link, according to the researchers.

The attacker’s server sends back an HTML page with JavaScript code that modifies the user’s profile biography and sends video upload tokens back to the attacker. Microsoft said it had no proof that the flaw had been actively used in the wild.
