Security vulnerability found in TikTok put user activity at risk
A flaw in the TikTok app that could lead to potential identity theft attacks has been found and fixed by the officials.
The popular social media app TikTok has a vulnerability that security experts from Imperva have discovered recently. The flaw might have enabled threat actors to steal personal information from victims' devices for use in identity theft attacks or phishing. Luckily, it has been fixed immediately, but it is unclear if the flaw was exploited before it was discovered.
"This vulnerability, which has now been fixed, was caused by a window message event handler that does not properly validate the message origin, providing attackers access to sensitive user information," said Imperva. You can read the whole report here.
Due to improper message origin validation by a window message event handler, this vulnerability allowed attackers to access private user data. The researchers at Imperva said that the PostMessage API allowed attackers to send a malicious message to the TikTok web application that would bypass any security precautions. The company immediately contacted the TikTok security team, and they fixed the issue in no time.
TikTok and data security
TikTok is being criticized by many of the Western countries, including a couple of big companies too. The application is believed to leak sensitive information to the Chinese government. Countries like the United States, United Kingdom, or Australia previously banned the app from government devices, with Ireland joining the list a couple of days ago. Moreover, Italy issued a country-wide ban on ChatGPT, affecting all the citizens, which then increased VPN usage in the country.
Media companies like BBC or Denmark's public service broadcaster have also issued similar bans for company devices. Recently, Samsung was shaken by the in-house scandal as some of the sensitive information was leaked to ChatGPT. The South Korean tech giant has also imposed an AI ban on its staff to ensure the privacy and security of sensitive data.
Advertisement