It's nice when an online service promptly fixes security flaws. But sometimes the bugs themselves are "eroticization of violence" mediaso egregious that you have to wonder what other dangers lurk in that code.
Case in point: video sharing app TikTok.
Security company Check Point Research found a number of security issues in the TikTok app and on its website, potentially allowing an attacker to control someone else's account, delete their videos, upload unauthorized videos, make private videos public and reveal a user's personal information, including their private email address.
TikTok being one of the most popular apps out there, this would be pretty bad. But, again, it's the amount and the type of bugs found that's more worrying.
One issue allowed bad actors to send an SMS message to any phone number in the name of TikTok. Basically, with some fairly simple code tweaking, an attacker could've sent an SMS of the type: "Please download this urgent update," with a link leading to a malicious app, and have the SMS actually arrivefrom TikTok. Ugh.
A different bug allowed an attacker to execute JavaScript code on behalf of the victim, and combining the two bugs allowed an attacker to perform actions on the victim's account without consent.
There were other bugs, and some required a fair amount of technical knowledge to exploit, but line them up and it feels like TikTok's security is, overall, more than a little sloppy.
"Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage further collaboration with security researchers," TikTok told BBC in a statement.
SEE ALSO: Samsung's new vertical 4K TV is perfect for...TikTok?The company said there's no indication that an attacker actually exploited any of these bugs prior to this disclosure.
TikTok made headlines last year when its owner, China's ByteDance, was fined by the FTC for illegally collecting children's data. The app was banned by the U.S. army due to cybersecurity concerns, and it's under investigation in the EU for how it handles children's data.
Topics Cybersecurity Social Media TikTok
Celtic vs. Bayern Munich 2025 livestream: Watch Champions League for free
There's a new massive clump of wet trash under London, heavier than 11 double decker buses
The 8 biggest questions we still have about Apple's new iPhones
'StarCraft' player appears to drunkenly harass woman on stream, gets banned
How to quit social media: This Gen Z
Apple iOS 11 has a hidden security feature that cops will hate
The new Apple Watch with LTE connectivity won't get you out of buying an iPhone
'StarCraft' player appears to drunkenly harass woman on stream, gets banned
Washington Wizards vs. Golden State Warriors 2025 livestream: Watch NBA online
Man wins Grindr with the ultimate opening chat
Miami Heat vs. Los Angeles Lakers 2025 livestream: Watch NBA online
Florida car dealership slammed on Yelp for parking cars in campus garages during Irma
Hands On: This is the Apple Watch's most important update yet
JetBlue offers $99 flights for evacuees returning to Florida
Winter storm: See snow totals for Florida, Texas and other states online
Ted Cruz just liked a super NSFW tweet and people are cringing so hard
Even Apple admits Face ID can't fully secure your sensitive data
There's a new massive clump of wet trash under London, heavier than 11 double decker buses
China just built the world's biggest floating solar project
'Last Week Tonight with John Oliver' renewed for three more seasons
Wine gifts under $20Intel and Warner Bros. are teaming up to build inPorgs were a 'nightmare' to work with, says 'Last Jedi' director Rian JohnsonBitcoin skeptics are getting louder and it's hard not to listenGoogle finally fixed its horrendous excuse for a burger emojiIntel and Warner Bros. are teaming up to build inRussia's latest space mission appears to have ended in failureThe 6 most infuriating things about 'Animal Crossing: Pocket Camp''Sims' players beautifully recreate the quaint town from 'Stardew Valley''Avengers: Infinity War' trailer: Watch Thor meet the GuardiansAustralian musician Kirin J. Callinan criticised for exposing himselfBitcoin skeptics are getting louder and it's hard not to listenFacebook's Mentorship and Support tool helps users reach their goalsJustice League v The Flash: Ezra Miller and Grant Gustin are both greatDavid Karp and all Tumblr employees use Gmail instead of Yahoo MailMarvel fans are baffled by new editor'Destiny' fans turn innocent tA woman is writing poignant poems to strangers based on their Twitter DMs'The Walking Dead' crossover: Lennie James' Morgan is moving to 'Fear'All I want for Christmas is this gay as hell nativity scene What was Sora trained on? Creatives demand answers. The internet has spoken, Macron has better English than Trump Here’s why you shouldn’t totally despair if the U.S. ditches the Paris Climate Agreement Amazon CEO tries to sell kids on working on the moon 'Monolith' review: An eerie sci J.K. Rowling sends massive F U to Trump over Paris Climate Agreement NYT's The Mini crossword answers for February 19 Air Canada loses court case after its chatbot hallucinated fake policies to a customer Trump just screwed the planet and the internet did not hold back Obama photographer Pete Souza on Trump: 'We failed our children' Here's why flamingos are so incredibly good at standing on one leg The real losers in Trump's NASA budget are kids and the Earth 'True Detective: Night Country' finale: Who killed the scientists? Meet OpenAI's Sora, a wild AI text This guy survives in the wild with nothing but a bunch of everyday tech gadgets Wordle today: The answer and hints for February 20 NYT's The Mini crossword answers for February 18 Neil deGrasse Tyson slams Trump's disdain for climate science Tinder to require IDs for verification checkmark 'True Detective: Night Country': What's the deal with the spirals?
2.1532s , 8264.890625 kb
Copyright © 2025 Powered by 【"eroticization of violence" media】,Openness Information Network