![]() Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers. ![]() The vulnerability allowed the app’s deeplink verification to be bypassed. Attackers could have then accessed and modified users’ TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users. Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link. ![]() The vulnerability, which would have required several issues to be chained together to exploit, has been fixed and we did not locate any evidence of in-the-wild exploitation. Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users’ accounts with a single click. Microsoft Purview Data Lifecycle Management.Microsoft Purview Information Protection.Information protection Information protection.Microsoft Priva Subject Rights Requests. ![]()
0 Comments
Leave a Reply. |