TikTok has once again made the news owing to security flaws. This time, the vulnerabilities affect the TikTok Android app. Exploiting the bugs could allow an attacker to steal files from the target device.
Researchers from the mobile app security service Oversecured have found multiple vulnerabilities in the TikTok Android app.
Describing the details in a blog post, the researchers explained that they found four high-severity flaws in the app.
Briefly, one of these vulnerabilities could let an attacker steal arbitrary files from the device. The flaw affected the com.ss.android.ugc.aweme.livewallpaper.ui.LiveWallPaperPreviewActivity activity. Exploiting the flaw required user interaction and could give read-only access to arbitrary files. As stated in the post,
The other three could allow an adversary to achieve arbitrary code execution. These vulnerabilities affected three separate libraries that could be loaded into an app via a malicious app. The library could then persist even after an app was deleted.
Hence, the attacker could then exploit it to execute arbitrary code.
The researchers have shared the PoC for all exploits in their post.