
TikTok Fixes Flaws That Opened Android App to Compromise
2020-09-14 16:23

Researchers have disclosed four high-severity flaws in the Android version of TikTok that could have easily been exploited by a seemingly benign third-party Android app.

Disclosure of the flaws comes just as the owner of the social-media platform has reportedly chosen Oracle as an American tech partner that could help keep the app running in the U.S., on the heels of U.S. president Donald Trump threatening to ban the app over spying concerns.

Researchers scanned the app and found several vulnerabilities in the way that files are loaded into the app.

Xml file, which is a manifest file for app projects that describes essential information about apps to the Android build tools, the Android operating system, and Google Play.

"The library would have been written to the app's private directory and could have been loaded by the app even after the phone was rebooted or the app restarted. All vulnerabilities relating to arbitrary code execution would have led to the app and its users becoming thoroughly compromised."


News URL

https://threatpost.com/tiktok-android-compromise/159208/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Android 4 0 17 2 0 19