Security News
A researcher has earned nearly $4,000 from TikTok after discovering a couple of vulnerabilities that could have been chained to hijack accounts. Muhammed Taskiran, a 20-year-old researcher based in Germany, informed TikTok in late August that a URL parameter on tiktok.com was "reflecting its value without being properly sanitized."
TikTok has addressed two vulnerabilities that, when chained together, could have allowed attackers to take over accounts with a single click; the affected users were those who signed up via third-party apps. German bug bounty hunter Muhammed Taskiran discovered a reflected cross-site scripting security bug - also known as a non-persistent XSS - in a TikTok URL parameter reflecting its value without proper sanitization.
Instagram and TikTok social-media influencers Kelly Fitzpatrick and Sabrina Kelly-Krejci are among 13 defendants in a lawsuit filed by Amazon, which alleges that they participated in an online scam to sell counterfeit luxury goods. Counterfeit goods are strictly forbidden in the Amazon marketplace, but generic products - often called "dupes" - are allowed.
President Donald Trump's administration said Wednesday it was still working to resolve its security concerns over Chinese-owned app TikTok after the firm sought to delay a deadline to sell its US operations. On Wednesday, the US Treasury Department said in a statement it "remains focused on reaching a resolution of the national security risks arising from ByteDance's acquisition of Musical.ly."
TikTok asked a Washington court Tuesday to stop an order by US President Donald Trump's administration from taking effect this week as the White House seeks to ban the Chinese-owned app in the United States. In its court petition, TikTok asked for more time, saying it has not received enough feedback on its proposed solution.
A US federal judge on Friday issued an injunction temporarily blocking an executive order by President Donald Trump aimed at banning TikTok, throwing up a legal roadblock ahead of a November 12 deadline. TikTok influencers suing the president over the ban convinced US District Court Judge Wendy Beetlestone to issue the injunction against it.
US President Donald Trump's administration has insisted on the need to ban TikTok due to national security concerns in a new court filing ahead of a plan to make the video app unavailable on November 12. In September, a temporary injunction prevented the government from removing TikTok from mobile application download platforms.
TikTok announced this week that it has launched a public bug bounty program in collaboration with HackerOne. It's not uncommon for security researchers to find vulnerabilities in the TikTok app.
TikTok has expanded its vulnerability disclosure policy to include a global bug-bounty program through a partnership with the ethical hacker platform HackerOne. Hackers who find critical vulnerabilities in TikTok's platform can receive between $6,900 and $14,800 according to the program, which marks the first time TikTok has invited the public security community to analyze its platform for vulnerabilities.
With a ban of the app set to take place just before midnight on Sunday, a judge in the US District Court for Washington, D.C., earlier in the day found in favor of an injunction filed by TikTok owner ByteDance challenging an executive order from Donald Trump. Signed by Trump on Aug. 6, 2020, the order would have prohibited any US app store from distributing or maintaining the TikTok app, code, or updates.