TikTok has fixed a number of security flaws

Many security flaws affect Internet services, and many are difficult to find and remove.

Check Point Research found a number of security flaws on TikTok and on its website, allowing an attacker to check someone else’s account, delete his videos, upload unauthorized videos, make private materials public, and disclose a user’s personal information, including private address and e-mail.

As TikTok is one of the most popular apps, that would be bad enough. But most worrying, is the large amount of security flaws found during this research.

In one of these flaws, bad actors were allowed to send SMS on behalf of TikTok.

“Please update the system immediately” was one of the received SMS, while the link contained in it was sending a malicious application.

As part of an error, an attacker was allowed to execute JavaScript code on behalf of the victim, and the combination of two other errors allowed an attacker to perform actions on the victim’s account without his consent.

There were other drawbacks, some of which required concrete amounts of technical knowledge to fix, but looking at the security level at TikTok is generally a bit strange.

Last year, TikTok has been in the spotlight, as the company that owns it has been collecting data from young users.

US military forces are banned from using the app, and TikTok has also violated many European laws.

Leave a Reply

Your email address will not be published. Required fields are marked *