TikTok fixes zero-day bug used to hijack high-profile accounts

June 4, 2024 at 05:59PM

Multiple high-profile TikTok accounts were hijacked by attackers exploiting a zero-day vulnerability in the platform’s direct messages feature. Victims included Sony, CNN, and Paris Hilton. The exploit required targets to open a malicious message; they did not need to download a payload or click on embedded links. TikTok is working to restore access and prevent future attacks.

Multiple high-profile TikTok accounts were hijacked through a zero-day vulnerability in the direct messages feature. Attackers were able to exploit this vulnerability without requiring the targets to download a payload or click on embedded links. The affected accounts belonged to companies like Sony and CNN, as well as celebrities like Paris Hilton.

TikTok’s spokesperson, Alex Haurek, acknowledged the potential exploit and confirmed that the security team is working to prevent future attacks. However, the company has not disclosed the exact number of impacted users, and it is not disclosing details of the exploited vulnerability until it is fixed.

This is not the first security flaw to impact TikTok users: previous vulnerabilities allowed hackers to take over accounts and steal private user information. TikTok, with over 1 billion users, has faced security challenges in the past, including the need to patch flaws in both the Android app and the platform’s privacy protections.

More detailed information on the compromised accounts and the exploited vulnerability is not immediately available from TikTok’s spokesperson.
