News TikTok Patches Critical Account Takeover Bugs
#1
Brick 
In The Name Of Allah
Al-Salam Alekum


Well, looks like nothing is safe nowadays. TikTok has been forced to patch several critical vulnerabilities which may have allowed hackers to hijack user accounts and steal personal data.


Quote: Check Point also discovered a cross-site scripting (XSS) vulnerability in an ads subdomain of the main TikTok site; specifically in a help center section. This could allow attackers to inject malicious JavaScript into the site to harvest personal user account info, the firm warned.

Quote: This could allow attackers able to find out a victim’s phone number to send them a custom malicious link, enabling them to take over an account and delete videos, post content and make private videos public.

The Source



Wa Salam Alekum
Rs
* Thankful to Allah *
Kurdy
#2
Things like this are why NoScript for Firefox is an extension worth having, as it stops XSS. JS should also generally be disabled unless you really need it to display a page correctly, and you should also only allow what you need. Ad blockers are good too.
#3
(01-12-2020, 09:05 AM) Asbestosstar wrote: Things like this are why NoScript for Firefox is an extension worth having, as it stops XSS. JS should also generally be disabled unless you really need it to display a page correctly, and you should also only allow what you need. Ad blockers are good too.

NoScript is quite good, but it is for browsers, not an Android app; that is the problem.
Rs
* Thankful to Allah *
Kurdy