Threat actors exploited a zero-day vulnerability in the video-sharing platform TikTok to hijack high-profile accounts. The vulnerability resides in the direct messages feature implemented by the platform, reported Forbes.

“Our security team is aware of a potential exploit targeting a number of brand and celebrity accounts. We have taken measures to stop this attack and prevent it from happening in the future. We’re working directly with affected account owners to restore access, if needed.” TikTok spokesperson Alex Haurek told Forbes.

Haurek pointed out that the attacks compromised a very small number of accounts.

Semafor first reported that CNN’s TikTok account had been hacked, forcing the broadcaster to take down its account for several days.

In August 2022, Microsoft researchers discovered a high-severity flaw (CVE-2022-28799) in the TikTok Android app, which could have allowed attackers to hijack users’ accounts with a single click. The experts stated that the vulnerability would have required chaining with other flaws to hijack an account. Microsoft reported the issue to TikTok in February 2022, and the company quickly addressed it. Microsoft confirmed that it is not aware of attacks in the wild exploiting the bug.

Pierluigi Paganini

(SecurityAffairs – hacking, zero-day)