TikTok Vulnerable to One-Click Account Hijack
The vulnerability stems from deep links, "content opened in TikTok app browsers".
Through these hyperlinks, attackers could exploit TikTok users by bypassing verification.
This means attackers could have leveraged them to hijack a user's account without the user's awareness.
Attackers can steal data, modify users’ TikTok profiles, leak sensitive info, and more.
A Microsoft researcher says there are several issues to be chained together.
"Targeted user may receive a crafted link, which could result in exploitation."
TikTok users should be wary of "clicking unknown links".
Microsoft reveals a proof of concept in which a targeted TikTok user receives a malicious PoC link.
When clicked, the PoC link requires users to prove ownership of their account.
It gives attackers complete control over a user's profile, to do anything they want.