Zero-Day Vulnerability in TikTok DMs Hijacks High-Profile Accounts

Jun 5, 2024 | News


In a significant security breach, attackers have hijacked high-profile TikTok accounts, including those of Sony, CNN, and Paris Hilton, by exploiting a zero-day vulnerability in the platform’s direct messages (DMs) feature. This vulnerability allows attackers to compromise accounts by merely having the target open a malicious message, without the need for downloading payloads or clicking on embedded links.

Exploitation and Impact

The attack vector was first reported by Semafor and subsequently covered by Forbes. The exploit reportedly requires no user interaction beyond opening the malicious DM. Affected accounts were promptly taken offline to prevent further abuse, and TikTok’s security team is actively working to secure the platform and restore access to the impacted users.


TikTok’s Response

Alex Haurek, a TikTok spokesperson, confirmed the incident and stated that the company is taking measures to prevent such attacks in the future. While the number of compromised accounts is reportedly small, TikTok has not yet disclosed specific details about the vulnerability or the total number of affected users.

Historical Security Issues

This incident is not the first of its kind for TikTok. In August 2022, Microsoft uncovered a flaw in TikTok’s Android app that allowed account takeovers with a single tap. Previous vulnerabilities have also enabled attackers to bypass privacy protections, steal private user information, and manipulate user accounts.

TikTok’s User Base

Since its rise to prominence, TikTok has amassed over 1 billion users worldwide. The app has more than 1 billion downloads on Google’s Play Store and 17 million ratings on Apple’s iOS App Store, highlighting its vast and engaged user base.

When contacted by BleepingComputer for more information about the number of compromised accounts and the specific vulnerability exploited in the attacks, a TikTok spokesperson was not immediately available for comment.

Source: bleepingcomputer.com