The two releases have more than 1.5 billion downloads between them, meaning the potential impact of someone discovering the vulnerability before it was patched could have been massive.Editing Your Recorded TikTok Audio/Video Compilation The flaw was present in both global versions of TikTok’s Android app. They then discovered they could use that vulnerability to access all the primary functions of an account, including the ability to post content and message other TikTok users. However, Microsoft found a way to bypass the verification process TikTok had in place to restrict deep links from executing certain actions. For instance, when you tap on a Twitter embed in Chrome and the Twitter app automatically opens on your phone as a result, that’s an example of the deep linking feature working as intended. On Android, developers can program their apps to handle certain URLs in specific ways. “TikTok responded quickly, and we commend the efficient and professional resolution from the security team.”Īccording to Microsoft, the vulnerability involved an oversight with TikTok’s deep linking functionality. “We gave them information about the vulnerability and collaborated to help fix this issue,” Microsoft’s Tanmay Ganacharya told The Verge. The good news is that the social media company promptly patched the vulnerability before today’s disclosure and Microsoft says it has no evidence of someone using it out in the wild. On Wednesday, the company’s 365 Defender Research Team detailed a one-click exploit it informed TikTok of in February. A serious vulnerability found by Microsoft in the TikTok Android app could have allowed hackers to hijack millions of accounts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |