Red Security
News TikTok Patches Critical Account Takeover Bugs - Printable Version

+- Red Security (https://redsecurity.info/cc)
+--- Thread: News TikTok Patches Critical Account Takeover Bugs (/showthread.php?tid=1353)



TikTok Patches Critical Account Takeover Bugs - Mr.Kurd - 01-12-2020

In The Name Of Allah
Al-Salam Alekum


Well, it looks like nothing is safe nowadays: TikTok has been forced to patch several critical vulnerabilities which may have allowed hackers to hijack user accounts and steal personal data.


Quote: Check Point also discovered a cross-site scripting (XSS) vulnerability in an ads subdomain of the main TikTok site; specifically in a help center section. This could allow attackers to inject malicious JavaScript into the site to harvest personal user account info, the firm warned.

Quote: This could allow attackers able to find out a victim's phone number to send them a custom malicious link, enabling them to take over an account and delete videos, post content and make private videos public.

The Source



Wa Salam Alekum
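The XSS class the Check Point quote describes (untrusted input reflected into a help-center page) is easiest to see with the vulnerable and the hardened rendering side by side. The following is an added example written for this thread, not code from the article or from TikTok: a toy help-center search page in Node.js, an `escapeHtml` helper, a check a test suite can run over the rendered page, and the response headers that limit the damage if an encoding bug slips through. The page layout, function names and the sample query are assumptions made for the example.

```javascript
// Added example (not from the article or TikTok): a minimal help-center
// search page rendered two ways, showing why reflected input must be
// HTML-encoded before it is placed in a page.

// Escape the five characters that change meaning in HTML text and attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable rendering: the query parameter is concatenated raw into markup,
// so any tag or event handler in it becomes part of the page.
function renderSearchUnsafe(query) {
  return `<h1>Help Center</h1><p>Results for: ${query}</p>`;
}

// Hardened rendering: same template, every untrusted value passes through escapeHtml.
function renderSearchSafe(query) {
  return `<h1>Help Center</h1><p>Results for: ${escapeHtml(query)}</p>`;
}

// Defensive check for a test suite: does the rendered page contain more tags
// than the template itself produces, or any tag carrying an on* event handler?
// The tag regex is a heuristic (a quoted '>' inside an attribute would split
// a tag), which is enough for a regression test on a fixed template.
function containsInjectedMarkup(html, templateTagCount) {
  const tags = html.match(/<[a-zA-Z!/][^>]*>/g) || [];
  const hasHandler = tags.some((t) => /\son\w+\s*=/i.test(t));
  return tags.length > templateTagCount || hasHandler;
}

// Response headers that reduce the blast radius of a reflected XSS:
// a CSP that blocks inline script and a nosniff header so the browser
// does not reinterpret the response type.
function securityHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Constructed sample input standing in for an attacker-controlled query string.
const SAMPLE_QUERY = '<img src=x onerror="alert(1)">';
const TEMPLATE_TAGS = 4; // <h1>, </h1>, <p>, </p>

console.log('unsafe page injected:', containsInjectedMarkup(renderSearchUnsafe(SAMPLE_QUERY), TEMPLATE_TAGS));
console.log('safe page injected:  ', containsInjectedMarkup(renderSearchSafe(SAMPLE_QUERY), TEMPLATE_TAGS));
```

Run it with `node` and the unsafe render reports injected markup while the safe render does not; the same `containsInjectedMarkup` check can sit in a test suite so that a later change which drops the `escapeHtml` call fails the build rather than reaching users.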



RE: TikTok Patches Critical Account Takeover Bugs - Asbestosstar - 01-12-2020

Things like this are why NoScript for Firefox is an extension worth having, as it stops XSS. JS should also generally be disabled unless you really need it to display a page correctly, and then only allow what you need. Ad blockers are good too.


RE: TikTok Patches Critical Account Takeover Bugs - Mr.Kurd - 01-13-2020

(01-12-2020, 09:05 AM)Asbestosstar Wrote: Things like this are why NoScript for Firefox is an extension worth having, as it stops XSS. JS should also generally be disabled unless you really need it to display a page correctly, and then only allow what you need. Ad blockers are good too.

NoScript is quite good, but it is for browsers, not an Android app, and that is the problem.