Site icon News Update

Microsoft spots TikTok bug that could expose private videos of millions

Microsoft spots TikTok bug that could expose private videos of millions

Microsoft 365 Defender Research Team has discovered a vulnerability in the TikTok that can let hackers take over private, short-form videos of millions of users once they clicked on a malicious link. The bug was spotted in Android app.

Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users’ accounts with a single click. The vulnerability, which would have required several issues to be chained together to exploit, has now been fixed by the Chinese company.

“Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link,” the tech giant said in a statement late on Wednesday.

Attackers could have then accessed and modified users’ TikTok profiles and sensitive information, such as by publicising private videos, sending messages, and uploading videos on behalf of users. TikTok has two versions of its Android app: one for East and Southeast Asia and another for the remaining countries. Performing a vulnerability assessment of TikTok, the Microsoft team determined that the issues were affecting both versions of the app for Android, which have over 1.5 billion installations combined via the Google Play Store.

After carefully reviewing the implications, a Microsoft security researcher notified TikTok of the issues.

“TikTok quickly responded by releasing a fix to address the reported vulnerability, now identified as CVE-2022-28799, and users can refer to the CVE entry for more information,” said Microsoft. TikTok users are encouraged to ensure they’re using the latest version of the app, it added.

Recently, Indian Computer Emergency Response Team (CERT-In) has cautioned against multiple vulnerabilities in Mozilla Firefox browser that can allow hackers to compromise devices’ security systems. In its advisory, CERT-In says that the bugs in Mozilla Firefox browser could allow a remote attacker to bypass security restrictions, execute arbitrary code and cause denial of service attack on the targeted system.

(With inputs from IANS)

Catch all the Technology News and Updates on Live Mint.
Download The Mint News App to get Daily Market Updates & Live Business News.

More
Less

Subscribe to Mint Newsletters

* Enter a valid email

* Thank you for subscribing to our newsletter.

Post your comment
First article

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@newsupdate.uk. The content will be deleted within 24 hours.
Exit mobile version