One of the world’s most popular smartphone apps, TikTok, had serious flaws that made users vulnerable to information exposure and partial account takeover.
Researchers at CheckPoint, a renowned cybersecurity company, identified the multiple vulnerabilities.
The SMS verification protocol that TikTok used to help users install the app was flawed and open for malicious manipulation. The platform was also vulnerable to Cross-Site Scripting, which enabled attackers to inject malicious scripts to target the users.
A combination of these two vulnerabilities opens the door to otherwise hidden personal information, including names, dates of birth and email addresses. Attackers could also manipulate app accounts and delete or post videos.
CheckPoint could not confirm if the vulnerabilities were actually exploited. However, the company said it collaborated with TikTok to fix the vulnerabilities.