Security researchers have found a high-severity vulnerability in TikTok’s Android application which could enable attackers to remotely hijack user accounts.
Microsoft reported CVE-2022-28799 to the social media giant in February 2022, after which TikTok promptly fixed the issue. Although the app has an estimated 1.5 billion downloads on the Play Store, the bug has not yet been exploited in the wild, Microsoft said.
By doing so, attackers can:
- Retrieve the user’s authentication tokens by triggering a request to a server they control and logging the cookie and the request headers
With full control over users’ accounts, attackers could change their profile details, send messages, upload videos and even publish private videos.