A malicious link would have been enough to take over a profile.
A vulnerability in the TikTok app for Android could have let attackers take over any account that clicked on a malicious link, potentially affecting hundreds of millions of users of the platform.from researchers on Microsoft’s 365 Defender Research Team. The vulnerability was disclosed to TikTok by Microsoft, and has since been patched.
The potential impact was huge, as it affected all global variants of the Android TikTok app, which has a total of more than 1.5 billion downloads on the Google Play Store. However, there’s no evidence it was exploited at scale. Researchers involved with the discovery and disclosure praised TikTok for a quick response.
This link handling also includes a verification process that should restrict the actions performed when an application loads a given link. But the researchers found a way to bypass this verification process and execute a number of potentially weaponizable functions within the app. “As threats across platforms continue to grow in numbers and sophistication, vulnerability disclosures, coordinated response, and other forms of threat intelligence sharing are needed to help secure users’ computing experience, regardless of the platform or device in use,” wrote Microsoft’s Dimitrios Valsamaras in the blog post. “We will continue to work with the larger security community to share research and intelligence about threats in the effort to build better protection for all.
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
What are the pros and cons of Payable-on-Death accounts?These accounts allow you to pass assets without probate.
Read more »
A’s win first ever game at Nationals Park, now await phenom’s debutTop prize from Yankees trade will start Thursday’s game in Washington.
Read more »
Astros have contingencies should Justin Verlander miss actionNo update arrived Monday from the Astros on ace Justin Verlander, who left his start Sunday with a right calf injury and was scheduled to undergo an MRI on Monday’s off day. But a surplus of starters could absorb the blow if he has to skip a turn or two.
Read more »
Pakistan floods: Before and after satellite photos show the enormity of the devastationThe scope and severity of the flooding in Pakistan from two months of unusually heavy monsoon rains is drawing comparisons to the devastating rains of 2010. In some respects, it may exceed that benchmark.
Read more »
How J.Crew’s Olympia Gayot Nails Nonchalant DressingMeet J.Crew’s Olympia Gayot, the designer whose effortless style is going viral on TikTok.
Read more »
Opinion | 'Quiet quitting' hands managers a tool for undermining workersMost people can't afford to risk voluntarily making themselves vulnerable to being fired or laid off in a society with a weak social safety net, even when it is essential to scale back work for their physical and mental health.
Read more »