Warning: getimagesize(): http:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /home/tvoitete/voiceofthe.net/wp-content/plugins/td-cloud-library/shortcodes/header/tdb_header_logo.php on line 786

Warning: getimagesize(http://voiceofthe.net/wp-content/uploads/2020/08/Voice-Of-The-Net-logo-300x50.png): failed to open stream: no suitable wrapper could be found in /home/tvoitete/voiceofthe.net/wp-content/plugins/td-cloud-library/shortcodes/header/tdb_header_logo.php on line 786

Warning: getimagesize(): http:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /home/tvoitete/voiceofthe.net/wp-content/plugins/td-cloud-library/shortcodes/header/tdb_header_logo.php on line 786

Warning: getimagesize(http://voiceofthe.net/wp-content/uploads/2020/08/Voice-Of-The-Net-logo-300x50.png): failed to open stream: no suitable wrapper could be found in /home/tvoitete/voiceofthe.net/wp-content/plugins/td-cloud-library/shortcodes/header/tdb_header_logo.php on line 786

Microsoft Has Discovered A Critical Vulnerability In TikTok For Android 

Security researchers revealed they have discovered a huge security hole in TikTok that has affected every user who has downloaded the app on Android devices around the world.  But if there’s any persistent indication that users were affected by this “high-severity” security exploit, TikTok says nothing.

To steal an account, it was enough for the user to click on a malicious link.  The attackers could then access the profile, change the data in it, and upload confidential information.

Account theft was possible because hackers could force an application to load an arbitrary URL into a WebView, and this would give access to connected WebView JavaScript bridges.

A Microsoft security researcher notified TikTok of the issues in February 2022. The company quickly responded by issuing a patch to address the discovered vulnerability, identified as CVE-2022-28799 with a score of 8.3.

Exploitation of the vulnerability depends on the application’s implementation of JavaScript interfaces, which are provided by a component of the Android operating system called WebView. WebView allows applications to load and display web pages, and through the addJavascriptInterface API call, it also provides bridging functions that allow JavaScript code on a web page to call certain Java methods of a particular class in the application. Loading untrusted web content into a WebView with application-level objects accessible through JavaScript code makes the application vulnerable to JavaScript injection, which can lead to data leakage, data corruption, or arbitrary code execution.

Latest articles

Powerful ZTE Axon 60 Ultra With Satellite Connectivity Introduced

ZTE introduced a new product in China with flagship characteristics Axon 60 Ultra. The smartphone supports several Chinese satellite communication systems, including...

SpaceX Falcon 9 First Stage Completes 20th Flight For The First Time

SpaceX carried out the 20th launch of the Falcon 9 launch vehicle with 23 Starlink satellites. The broadcast was conducted on the...

Meta Tests Private Messaging In Threads

Threads' popularity soon surpassed 130 million users, but many of them complained about the lack of direct messaging capabilities. As such, Meta...

Oppo Introduced The A3 Pro Smartphone For $280

Oppo introduced the Oppo A3 Pro smartphone, which has IP69 protection, the maximum protection for consumer devices, and is quite affordable compared...

Related articles

Leave a reply

Please enter your comment!
Please enter your name here