![]() “Social media applications are highly targeted for vulnerabilities as they provide a good source of personal, private data and offer a large attack surface. “ Data is pervasive, and our latest research shows that the most popular apps are still at risk,” said Oded Vanunu, Check Point’s head of product vulnerability research. ![]() ![]() Check Point’s research team were able to exploit the vulnerability to extract personal data. The subdomain vulnerability left TikTok open to cross site scripting (XSS) attacks – a common form of attack in which cyber criminals inject malicious script into trusted websites. ![]() Hackers could also have used this method to force TikTok users onto a web server that they controlled, making it possible for them to send unwanted requests on the user’s behalf. The vulnerabilities centred on the SMS messaging system used by TikTok during the app download and sign-up process, and its subdomain.Ĭheck Point found that an attacker could easily send a spoofed SMS message to a user containing a malicious link which, if clicked, would have given them access to the user’s account and the ability to manipulate its content, for example by deleting videos, uploading unauthorised content, or making private content public.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |