TikTok fixes zero-day bug used to hijack high-profile accounts
2024-06-04 21:57

Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media platform's direct messages feature.

As Forbes reported today, the exploit the attackers used to hack the accounts via DMs only requires the targets to open the malicious message; it doesn't require downloading a payload or clicking embedded links.

"Our security team is aware of a potential exploit targeting a number of brand and celebrity accounts," TikTok spokesperson Alex Haurek told Forbes.

According to Haurek, the attackers have only compromised a very small number of TikTok accounts.

Most recently, the company patched an Android app flaw discovered by Microsoft in August 2022 that let hackers "quickly and quietly" take over accounts with one tap.

The company also fixed vulnerabilities that enabled threat actors to hijack the accounts of users who signed up via third-party apps and compromise accounts to manipulate the owners' videos and steal their personal information.


News URL

https://www.bleepingcomputer.com/news/security/tiktok-fixes-zero-day-bug-used-to-hijack-high-profile-accounts/