Vulnerabilities In TikTok Android App Could Allow Stealing Files

TikTok has once again made it to the news owing to security flaws. This time, the vulnerabilities affect the TikTok Android app. Exploiting the bugs could allow stealing files from the target device.

TikTok Android App Vulnerabilities

Researchers from the mobile app security service Oversecured have found multiple vulnerabilities in the TikTok Android app.

Describing the details in a blog post, the researchers explained that they found four high-severity flaws in the app.

Briefly, one of these vulnerabilities could let an attacker steal arbitrary files from the device. The flaw affected the activity com.ss.android.ugc.aweme.livewallpaper.ui.LiveWallPaperPreviewActivity. Exploiting it required user interaction and could give read-only access to arbitrary files. As stated in the post,

"An attacker could therefore gain access to any files stored in the app’s private directory, and also to history, private messages, and session tokens, resulting in complete access to the user’s account."

The other three could allow an adversary to execute arbitrary code. These vulnerabilities affected three separate libraries that could be loaded into an app via a malicious app. The library could then persist even after an app was deleted.

Hence, the attacker could then exploit it to execute arbitrary code.

"An attacker could do the same things that the TikTok app could based on its permissions: access user pictures and videos stored on the device, audio records and web browser downloads, record audio and video from the user’s microphone and camera without consent when the app is in use, and read contacts. All the data obtained could have been sent to the attacker’s server in the background without the user knowing, and then analyzed."

The researchers have shared the PoC for all exploits in their post.

TikTok Patched The Bugs Already

Upon discovering the flaws, Oversecured reached out to TikTok and shared the PoC with them. The researchers discovered the bugs earlier this year, and following their report, TikTok patched all the flaws.

Quoting a TikTok spokesperson, Threatpost has shared the following statement from the vendor,

"While the bugs in question would only pose a risk if a user had also downloaded a malicious application onto their Android device, we have fixed them. We appreciate the researcher reporting this issue to us so that we could fix it, and we encourage all of our users to download the latest version of the app."

Hence, users are safe from any potential issues that may arise from exploitation of these bugs. Nonetheless, all Android TikTok users should ensure that they have the latest app version running on their devices.

Let us know your thoughts in the comments.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
