TikTok Security Flaw Allowed Hackers to Access All Your Information
Imperva cybersecurity researchers recently discovered a vulnerability in the widely used social media app TikTok. The flaw could have allowed attackers to extract sensitive data from targeted devices, exposing victims to identity theft, phishing, and blackmail.
The vulnerability, which has since been fixed, was in the app’s handling of incoming messages. The researchers explained that attackers could exploit this weakness by sending a malicious message via the TikTok web application using the postMessage API, effectively bypassing existing security measures.
Upon receiving the message, the app’s event handler would process it and classify it as secure, thus granting the attacker access to valuable information.
By exploiting this vulnerability, malicious actors could obtain a wide range of data. This includes user device information (such as device type, operating system, and browser), details about the videos viewed by the victim (including specific videos and the duration of each view), user account data (including usernames, videos, and other associated information), as well as search queries made on the app.
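The article does not reproduce the handler's code, so the following is an added example (not TikTok's or Imperva's code) of the general class of check a postMessage event handler needs before it trusts an incoming message: an exact-match origin allowlist and strict validation of the message shape, shown beside a loose check that accepts too much. The origins, the message type `getViewHistory`, and all function names are hypothetical, and the sample events are constructed.

```javascript
// Added example. Origins, message types and field names are hypothetical.
const TRUSTED_ORIGINS = new Set(["https://app.example.com"]);

// Weak: substring match on the origin, payload trusted on its "type" alone.
function weakAccept(event) {
  return event.origin.includes("app.example.com") &&
         Boolean(event.data) && event.data.type === "getViewHistory";
}

// Hardened: exact origin match plus strict validation of the message shape.
function strictAccept(event) {
  if (typeof event.origin !== "string" || !TRUSTED_ORIGINS.has(event.origin)) return false;
  const msg = event.data;
  if (typeof msg !== "object" || msg === null || Array.isArray(msg)) return false;
  const keys = Object.keys(msg);
  return keys.length === 1 && keys[0] === "type" && msg.type === "getViewHistory";
}

// Constructed sample events (plain objects standing in for MessageEvent).
const SAMPLE_EVENTS = [
  { label: "trusted page", origin: "https://app.example.com", data: { type: "getViewHistory" } },
  { label: "lookalike origin", origin: "https://app.example.com.attacker.test", data: { type: "getViewHistory" } },
  { label: "sandboxed frame", origin: "null", data: { type: "getViewHistory" } },
  { label: "trusted, extra field", origin: "https://app.example.com", data: { type: "getViewHistory", cb: "x" } },
];

// Run both checks over a list of events and report what each one accepted.
function evaluate(events) {
  return events.map((e) => ({ label: e.label, weak: weakAccept(e), strict: strictAccept(e) }));
}

// Browser wiring: reply only to the validated origin, never to "*".
if (typeof window !== "undefined") {
  window.addEventListener("message", (event) => {
    if (!strictAccept(event)) return; // drop untrusted messages
    event.source.postMessage({ type: "viewHistory", items: [] }, event.origin);
  });
}

console.table(evaluate(SAMPLE_EVENTS));
```

Run under Node, the table shows the loose check accepting the lookalike origin while the strict check accepts only the exact trusted origin with the expected message shape.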
Source: Pro Pakistan