• Tech News
    • Games
    • Pc & Laptop
    • Mobile Tech
    • Ar & Vr
    • Security
  • Startup
    • Fintech
  • Reviews
  • How To
What's Hot

Elementor #32036

January 24, 2025

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

April 18, 2024

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

April 16, 2024
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
    1. Games
    2. Pc & Laptop
    3. Mobile Tech
    4. Ar & Vr
    5. Security
    6. View All

    Bring Elden Ring to the table with the upcoming board game adaptation

    September 19, 2022

    ONI: Road to be the Mightiest Oni reveals its opening movie

    September 19, 2022

    GTA 6 images and footage allegedly leak

    September 19, 2022

    Wild west adventure Card Cowboy turns cards into weird and silly stories

    September 18, 2022

    7 Reasons Why You Should Study PHP Programming Language

    October 19, 2022

    Logitech MX Master 3S and MX Keys Combo for Business Gen 2 Review

    October 9, 2022

    Lenovo ThinkPad X1 Carbon Gen10 Review

    September 18, 2022

    Lenovo IdeaPad 5i Chromebook, 16-inch+120Hz

    September 3, 2022

    It’s 2023 and Spotify Still Can’t Say When AirPlay 2 Support Will Arrive

    April 4, 2023

    YouTube adds very convenient iPhone homescreen widgets

    October 15, 2022

    Google finishes iOS 16 Lock Screen widgets rollout w/ Maps

    October 14, 2022

    Is Apple actually turning iMessage into AIM or is this sketchy redesign rumor for laughs?

    October 14, 2022

    MeetKai launches AI-powered metaverse, starting with a billboard in Times Square

    August 10, 2022

    The DeanBeat: RP1 simulates putting 4,000 people together in a single metaverse plaza

    August 10, 2022

    Improving the customer experience with virtual and augmented reality

    August 10, 2022

    Why the metaverse won’t fall to Clubhouse’s fate

    August 10, 2022

    How Apple privacy changes have forced social media marketing to evolve

    October 16, 2022

    Microsoft Patch Tuesday October Fixed 85 Vulnerabilities – Latest Hacking News

    October 16, 2022

    Decentralization and KYC compliance: Critical concepts in sovereign policy

    October 15, 2022

    What Thoma Bravo’s latest acquisition reveals about identity management

    October 14, 2022

    What is a Service Robot? The vision of an intelligent service application is possible.

    November 7, 2022

    Tom Brady just chucked another Microsoft Surface tablet

    September 18, 2022

    The best AIO coolers for your PC in 2022

    September 18, 2022

    YC’s Michael Seibel clarifies some misconceptions about the accelerator • DailyTech

    September 18, 2022
  • Startup
    • Fintech
  • Reviews
  • How To
Behind The ScreenBehind The Screen
Home»Security»Account Hijacking Vulnerability Found In TikTok Android App
Security

Account Hijacking Vulnerability Found In TikTok Android App

September 5, 2022No Comments2 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Latest Hacking News
Share
Facebook Twitter LinkedIn Pinterest Email

Microsoft researchers discovered a serious vulnerability in TikTok that threatened user accounts’ security. Specifically, they found an account hijacking vulnerability in the TikTok Android app.

TikTok App Account Hijacking Vulnerability

As elaborated in a recent blog post, Microsoft’s research team analyzed the TikTok Android app and found an account hijacking vulnerability. The researchers explained that they examined the TikTok app “flavors” – com.ss.android.ugc.trill (for East and Southeast Asia) and com.zhiliaoapp.musically (for other regions) – and noticed the vulnerability affecting both versions.

Specifically, exploiting the flaw involves Android WebView exploitation via malicious JavaScript to execute various commands. An attacker could easily trigger the vulnerability by sending a malicious link to the target TikTok user. Then, if the recipient victim opens the link via TikTok, Android’s WebView would load the site. Consequently, the site could load the malicious JavaScript codes from its servers that would invoke the Java method.

The subsequent exposure of Java methods to the attacker permitted hijacking of the target TikTok account via WebView.

In a real-world scenario, an attacker exploiting this vulnerability could retrieve the target user’s authentication tokens, access account information, modify account details, and even access private videos.

The researchers have shared the technical details and the proof of concept for this attack in their post.

TikTok Patched The Flaw

Following this discovery, the researchers contacted the TikTok team to report the matter. This security issue has received the identification number CVE-2022-28799 and a severity score of 8.3. According to the bug description in a HackerOne report,

A WebView Hijacking vulnerability was found on the TikTok Android application via an un-validated deeplink on an un-sanitized parameter. This could have resulted in account hijacking through a JavaScript interface.

TikTok have since patched the vulnerability and released the fix with TikTok for Android version 23.7.3. TikTok released numerous subsequent updates to the app.

See also  Dell, Nvidia and VMware partner to boost data center speed

Source link

account Android app hijacking TikTok Vulnerability
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

The ChatGPT App Can Now Talk to You—and Look Into Your Life

September 25, 2023

TikTok Shop Has a Snail Slime Problem

September 20, 2023

Capitalizing On TikTok Trends: How Companies Stay Relevant

July 27, 2023

X Isn’t a Super App. It’s Just Twitter | Startup

July 24, 2023
Add A Comment

Comments are closed.

Editors Picks

Shocked By Disparities In Access To Clinical Trials, This Medical Student Decided To Change Things

October 1, 2022

Minecraft received’t permit NFTs and blockchain anytime quickly

July 24, 2022

Quantic Dream has been acquired by Netease Games — will continue to “operate independently”

August 31, 2022

My Strange Day With Bing’s New AI Chatbot

February 10, 2023

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Elementor #32036

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.uk - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.