Home > News content

Tiktok has fixed a security vulnerability in Android applications that may lead to account hijacking

via:cnBeta.COM     time:2020/9/13 13:04:07     readed:189

According to foreign media techcrunch,Tiktok has fixed four security vulnerabilities in its android app that could lead to user account hijacking.Oversecure, an application security startup company, has discovered these vulnerabilities, which may allow malicious applications on the same device to steal sensitive files such as session tokens from within tiktok applications. Session tokens are small files that allow users to log in without entering a password. If stolen, these tokens can allow attackers to access the user's account without a password.


Alibaba cloud launched a special special event for colleges and Universities: 0 yuan experience of entry cloud computing rapid deployment Entrepreneurship Project


The malicious application will use this vulnerability to inject a malicious file into the tiktok application. Once the user opens the application, the malicious file will be triggered, so that the malicious application can access and send the stolen session token to the attacker's server silently in the background.

Sergey Toshin, founder of oversecure, told techcrunch that the malicious app could also hijack tiktok's application rights and allow it to access Android device's cameras, microphones and personal data such as photos and videos on the device. The company posted technical details about the vulnerability on its website.

Tiktok said they fixed the vulnerabilities earlier this year after oversecure reported them.

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments