Quote:Researchers have disclosed four high-severity flaws in the Android version of TikTok that could have easily been exploited by a seemingly benign third-party Android app. If successful, an attacker could fully compromise the target’s TikTok account. Public disclosure of the vulnerabilities was Friday and all bugs have been patched in version 17.4.4 of the app.
Oversecured researchers said they found the arbitrary code execution flaws and one arbitrary file theft vulnerability in TikTok. Disclosure of the flaws come just as the owner of social-media platform have reportedly chosen Oracle as an American tech partner that could help keep the app running in the U.S.,on the heels of U.S. president Donald Trump threatening to ban the app over spying concerns.
If exploited, the arbitrary code execution flaws could allow attackers to access victims’ private messages and videos within the app. They could also gain control over the app’s permissions – giving them access to victims’ pictures and videos stored on the device, web browser downloads, audio and video record functions and contacts.
“All these vulnerabilities could have been exploited by a hacker if a user had installed a malicious app onto their Android device,” according to researchers with Oversecured, who discovered the flaws, in a Friday post. “All the vulnerabilities have been removed. Users should update to the latest version on Google Play to enjoy the best experience.”
Read more: https://threatpost.com/tiktok-android-co...se/159208/
![[-]](https://www.geeks.fyi/images/collapse.png)
