TikTok is a hot topic these days with politicians all over the Western World frothing at the mouth at the possibility of the Chinese app getting its hands on their citizens’ data. There are other security concerns that need to be taken seriously, however, such as the more traditional cybersecurity issues we regularly report on here at Softonic. Today we have news of a vulnerability in the TikTok app for Android that has been allowing attackers to secretly access users’ data. Let’s go through the details now:
It is a popular method for cybersecurity and antivirus specialists to raise the profile of their products by reporting on security vulnerabilities they have uncovered. This is even the same for security researchers at software giants like Microsoft. The Microsoft Defender 365 Research Team has released a report exposing a security vulnerability in the TikTok Android app that “could lead to one-click account hijacking”.
Fortunately, although the vulnerability was active for a period of time, it was quite complex and required a chain of multiple issues to occur at once, in order for the exploit to be taken advantage of. This means that the vulnerability has now been closed before any seeming exploits have been actioned.
This is great news because although it would have been difficult to exploit, the vulnerability was quite serious, with the Defender 365 team reporting:
“The vulnerability allowed the app’s deeplink verification to be bypassed. Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers.”
Once again, a security issue is highlighting the need for vigilance when you are online. It is more important than ever to take care whenever you are clicking links or downloading files. As always in these cases, we recommend you refer to our phishing scam and fake link infographic every time you come across something suspicious.
Image via: Flickr
