TikTok has confirmed a zero-day vulnerability that attackers exploited to hijack a number of accounts belonging to celebrities and brands. The attackers exploited an unspecified security flaw in the social media app’s direct messages (DM) feature. The company has managed to stop the attack, but not before several big accounts fell victim to it.
TikTok zero-day vulnerability compromised several big accounts
Zero-day vulnerabilities are security flaws that have no official patch, or for which no public information detailing the flaw exists. In this case, a vulnerability in TikTok’s DM feature allowed attackers to hijack accounts simply by sending a message. The target only has to open the malicious message. The exploit doesn’t require downloading any file or clicking any link. Opening the message is enough for a user to hand their account to the attacker.
Over the past week, attackers exploited this vulnerability to hijack several prominent TikTok accounts, including accounts belonging to Sony, CNN, and Paris Hilton. CNN was reportedly the first account to fall victim to the attack. The compromised accounts were subsequently taken down temporarily, either by TikTok or the account holders, to prevent abuse. As of this writing, TikTok doesn’t appear to have patched the vulnerability, but it has stopped the attack.
“Our security team is aware of a potential exploit targeting a number of brand and celebrity accounts,” TikTok spokesperson Alex Haurek said in a statement to Forbes. “We have taken measures to stop this attack and prevent it from happening in the future. We’re working directly with affected account owners to restore access, if needed.” Haurek didn’t specify the number of accounts compromised but said it’s “a very small number.”
TikTok also has yet to detail the vulnerability that allowed attackers to hijack accounts so easily. It probably won’t share more details until the flaw is patched. That’s standard practice with zero-day vulnerabilities: details aren’t shared until the majority of users have installed the patch. Hopefully, the temporary security measures against the flaw are robust enough to prevent further attacks. TikTok users should avoid opening suspicious DMs.
TikTok has suffered account takeovers on numerous occasions in the past
This isn’t the first time a TikTok vulnerability has led to account hijacks. The social media platform has suffered similar attacks on numerous occasions in the past. Most recently, an Android app flaw allowed attackers to quietly take over accounts with a single tap. TikTok has also had many other privacy issues. You should always keep the app updated and stay vigilant to avoid privacy and security problems. You can update the app from the Google Play Store.