TikTok Vulnerable to One-Click Hijack

The vulnerability stems from deeplinks, "content opened in TikTok's in-app browser"

Such hyperlinks could be used against TikTok users, allowing attackers to bypass verification

This means attackers could have leveraged the flaw to hijack a user's account without the user's awareness

Attackers could steal data, modify users' TikTok profiles, leak sensitive information, and more

A Microsoft researcher says several issues had to be chained together

"A targeted user may receive a crafted link, which could result in exploitation"

"Attackers could be using WebView and JavaScript bridges to grant access"

For example: "JavaScript bridges have potentially wide-reaching implications for security"

TikTok users should be aware of the risk of "clicking unknown links"

Microsoft revealed a proof of concept in which the targeted TikTok user receives a malicious PoC link;

When clicked, the PoC link requires the user to prove ownership of their account,

and the attacker's server/PoC then grants full access to the user's account with one click via JavaScript

This gives attackers complete control over a user's profile, to do anything they want
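As an added illustration, not code from Microsoft's write-up or from TikTok's app, here is the pattern described above in a hypothetical Android in-app browser: a deeplink's URL is loaded into a WebView that exposes a JavaScript bridge, first with no validation, then with a scheme and exact-host allowlist check so an attacker-supplied link never reaches the bridge. The class names, the `url` query parameter, and the host `trusted.example.com` are assumptions.

```java
import android.app.Activity;
import android.net.Uri;
import android.webkit.JavascriptInterface;
import android.webkit.WebView;
import java.util.Collections;
import java.util.Set;

// Hypothetical in-app browser activity; AccountBridge and the host list are assumptions.
public class InAppBrowserActivity extends Activity {

    // Hosts allowed to reach the JavaScript bridge (constructed example value).
    private static final Set<String> ALLOWED_HOSTS = Collections.singleton("trusted.example.com");

    // Bridge exposed to page JavaScript; ANY page loaded in this WebView can call it.
    static class AccountBridge {
        @JavascriptInterface
        public String getSessionToken() { return "<session token placeholder>"; }
    }

    // VULNERABLE pattern: the deeplink's url parameter is loaded unchecked,
    // so a crafted link can load an attacker-controlled page next to the bridge.
    void loadFromDeeplinkUnchecked(WebView webView, Uri deeplink) {
        String target = deeplink.getQueryParameter("url");
        webView.getSettings().setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new AccountBridge(), "Account");
        webView.loadUrl(target);
    }

    // HARDENED check: https only, and the host must match the allowlist exactly.
    // Exact match matters: an endsWith() check would accept "evil-trusted.example.com".
    static boolean isAllowedTarget(String target) {
        if (target == null) return false;
        Uri uri = Uri.parse(target);
        String scheme = uri.getScheme();
        String host = uri.getHost();
        return "https".equalsIgnoreCase(scheme)
                && host != null
                && ALLOWED_HOSTS.contains(host.toLowerCase());
    }

    // HARDENED pattern: reject the deeplink before the bridge is ever attached.
    void loadFromDeeplinkChecked(WebView webView, Uri deeplink) {
        String target = deeplink.getQueryParameter("url");
        if (!isAllowedTarget(target)) {
            return; // untrusted target: load nothing, expose no bridge
        }
        webView.getSettings().setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new AccountBridge(), "Account");
        webView.loadUrl(target);
    }
}
```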
