TikTok fixes zero-day bug used to hijack high-profile accounts
Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature.
After being compromised, user accounts belonging to Sony, CNN, and Paris Hilton had to be taken down to prevent abuse. CNN's account was the first to be hijacked last week, as Semaphor first reported on Sunday.
As Forbes reported today, the exploit used by the attackers to hack the accounts via DMs only needs the targets to open the malicious message and doesn't require downloading a payload or clicking embedded links.
"Our security team is aware of a potential exploit targeting a number of brand and celebrity accounts," TikTok spokesperson Alex Haurek told Forbes.
"We have taken measures to stop this attack and prevent it from happening in the future. We're working directly with affected account owners to restore access, if needed."
