Microsoft uncovered 70 JavaScript methods actors could have leveraged after connecting to the app. However, Microsoft emphasized that exploitation would have required several issues to be chained together, including exposed JavaScript methods.

To exploit the flaw, an attacker would send a phishing link to the targeted user, which if clicked would enable access to sensitive information. Researchers outlined a proof-of-concept attack and additional risks in the Microsoft blog post.

In an email to TechTarget Editorial, TikTok said it had "discovered and quickly fixed a vulnerability in some older versions of the Android application." Microsoft said the TikTok vulnerability affected both versions of the Android app - the company has one version for East and Southeast Asia, and one for all other countries - which have more than 1 billion downloads through the Google Play store.

While TikTok fixed the flaw and Microsoft confirmed it did not observe in-the-wild exploitation, the vulnerability heightened concerns over access to private data as well as the in-app browser functionality.

In a blog post Wednesday, Microsoft detailed the TikTok vulnerability, tracked as CVE-2022-28799, which could enable threat actors to hijack accounts and publicize private videos, send messages and upload videos under the users' accounts.