We show you our visitors the most important and latest news in the following article:
With a malicious file … a dangerous vulnerability in the TikTok application on Android secretly robs you, today, Saturday, 12 September 2020, 5:08 a.m.
Session tokens are small files that keep the user logged in without having to re-enter their passwords, but in the event that these codes are stolen, the hacker gives access to the user’s account and stolen it without the need for a password.
The malicious application exploits vulnerabilities to plant a malicious file in the unprotected TikTok application, and as soon as the user opens the application, the malicious file runs invisibly in the background, and allows the application to access and send the tokens of the stolen session to the hacker’s servers.
The malicious app can also compromise the permissions of the TikTok app, allowing it to access the Android device’s camera, microphone, and private data on the device, such as: photos and videos.
The company that owns TikTok has patched the security flaws after being reported by Oversecured, and a TikTok spokesperson said, “As part of our ongoing efforts to build the safest and most secure platform in the industry, we are constantly working with third parties to find and fix bugs.” .