CyberNews Briefs

Microsoft Finds Account Takeover Bug in TikTok

Security researchers have reportedly identified a high-severity vulnerability in the popular social media platform TikTok. The flaw affects the Android version of the app and could allow attackers to remotely hijack user accounts. Microsoft first reported the vulnerability to TikTok in February 2022, and TikTok promptly fixed the issue. The app has roughly 1.5 billion downloads on the Google Play Store. Microsoft reported that there is no evidence that the bug has been exploited in the wild yet. The flaw is tracked as CVE-2022-28799.

Microsoft explained that the flaw allowed an attacker to bypass the app’s deeplink verification and force the app to load an arbitrary URL in its WebView, which in turn gave the attacker access to the WebView’s JavaScript bridges and the capabilities they expose. Microsoft identified over 70 different exposed JavaScript methods. By exploiting the bug, an attacker could, among other things, retrieve the user’s authentication tokens and modify or retrieve the user’s TikTok data.
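As an added illustration of the defensive pattern the brief implies, not TikTok's code or Microsoft's write-up: an Android WebViewClient that exposes a JavaScript bridge only to allow-listed first-party hosts. The host names, the `AppBridge` interface and the weak substring check are assumptions chosen for the example; the weak check shows a generic insufficient host test, not the specific flaw in CVE-2022-28799.

```java
// Added example (not TikTok's code): gate every deeplink-supplied URL before a
// WebView that carries JavaScript bridges is allowed to load it.
import android.net.Uri;
import android.webkit.JavascriptInterface;
import android.webkit.WebResourceRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

public final class DeeplinkWebViewClient extends WebViewClient {
    // Hypothetical allow-list; a real app lists only its own first-party hosts.
    private static final Set<String> ALLOWED_HOSTS = new HashSet<>(
            Arrays.asList("www.example-app.com", "m.example-app.com"));

    // Insufficient check (generic, not TikTok's): a substring test on the whole
    // URL also accepts hosts such as "www.example-app.com.attacker.test".
    static boolean weakIsTrusted(Uri uri) {
        return uri != null && uri.toString().contains("example-app.com");
    }

    // Hardened check: https only, exact host match, no userinfo in the URL.
    static boolean isTrusted(Uri uri) {
        if (uri == null || !"https".equalsIgnoreCase(uri.getScheme())) return false;
        if (uri.getUserInfo() != null) return false;
        String host = uri.getHost();
        return host != null && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    // Also applied to every navigation inside the WebView, so a trusted page
    // cannot redirect the bridged WebView to an untrusted origin.
    @Override
    public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
        return !isTrusted(request.getUrl()); // true = block the navigation
    }

    // Bridge callable from page JavaScript; reachable only by allow-listed pages.
    static final class AppBridge {
        @JavascriptInterface
        public String getAppVersion() { return "1.0"; }
    }

    // deeplinkTarget is the Uri taken from the incoming Intent (intent.getData()).
    static void attach(WebView webView, Uri deeplinkTarget) {
        webView.getSettings().setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new AppBridge(), "AppBridge");
        webView.setWebViewClient(new DeeplinkWebViewClient());
        if (isTrusted(deeplinkTarget)) webView.loadUrl(deeplinkTarget.toString());
    }
}
```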

Read More: Microsoft Finds Account Takeover Bug in TikTok

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.