More than one billion TikTok users exposed to ‘one-click account hijacking’

By Mobile Malls, September 1, 2022

A high-severity vulnerability in the TikTok Android app could have allowed accounts to be hijacked “with a single click”, Microsoft has revealed.

In a report published to the Microsoft Security blog, the company said that a chain of issues could have been abused to create a scenario in which an account could be compromised with a single press of a specially crafted link.

“Attackers could have then accessed and modified users’ TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users,” explained Microsoft.

TikTok security bug

The vulnerability in question is said to have been present in all versions of the TikTok Android client, which have collectively been installed more than 1.5 billion times.

The issue revolved around the app’s implementation of JavaScript interfaces, which are used extensively throughout TikTok for Android. The report dives into the technical nitty gritty but, in essence, by exploiting the app’s handling of JavaScript interfaces, together with the way Android routes URLs, Microsoft was able to demonstrate an account compromise.

Mercifully, the researchers did not uncover any evidence the vulnerability was exploited in the wild, and the issue was patched shortly after it was disclosed back in February. According to Microsoft, the TikTok security team should be commended for the swiftness and efficiency of its response.
“This case shows how the ability to coordinate research and threat intelligence sharing through expert, cross-industry collaboration is critical to successfully mitigate issues,” said Dimitrios Valsamaras, of the Microsoft 365 Defender Research Team.

“As threats across platforms continue to grow in numbers and sophistication, vulnerability disclosures, coordinated response, and other forms of threat intelligence sharing are needed to help secure users’ computing experience, regardless of the platform or device in use.”

Although the patch will already have made its way to the majority of TikTok-ers, concerned users can make sure they are protected by updating their app to the latest version.