Cybersecurity researchers from Imperva have uncovered a flaw in the popular social media app TikTok that could have allowed threat actors to exfiltrate sensitive data from victim devices for use in identity theft attacks, phishing, or blackmail.
The vulnerability, which has since been fixed, was found in the way the app handled incoming messages. Explaining the method, the researchers said attackers could send a malicious message to the TikTok web application through the PostMessage API, and the message would glide past any security measures.
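The article does not say which check was missing, so this added example (not TikTok's or Imperva's code) assumes the common case for this bug class: a `message` event handler that validates the sender's origin loosely. It puts that weak handler beside a hardened one; the origins, message types and state are hypothetical and constructed for the illustration.

```javascript
// Added illustration: hypothetical origins and message types, not TikTok's code.
const TRUSTED_ORIGINS = new Set(["https://app.example.com"]);
const ALLOWED_TYPES = new Set(["getDisplayName"]);

// Weak: substring match on the sender origin, caller-chosen field, reply sent to "*".
function weakHandler(event, state) {
  if (!event.origin.includes("app.example.com")) return null;
  return { data: state[event.data.field], targetOrigin: "*" };
}

// Hardened: exact origin match, typed message, fixed field, reply pinned to the sender.
function hardenedHandler(event, state) {
  if (!TRUSTED_ORIGINS.has(event.origin)) return null;   // exact match only
  const msg = event.data;
  if (typeof msg !== "object" || msg === null) return null;
  if (!ALLOWED_TYPES.has(msg.type)) return null;         // allowlisted message types
  return { data: state.displayName, targetOrigin: event.origin };
}

// Constructed sample state and incoming events (shape of a browser MessageEvent).
const state = { displayName: "alice", sessionToken: "constructed-secret" };
const events = [
  { label: "trusted", origin: "https://app.example.com",
    data: { type: "getDisplayName", field: "displayName" } },
  { label: "lookalike", origin: "https://app.example.com.untrusted.test",
    data: { type: "getDisplayName", field: "sessionToken" } },
  { label: "sandboxed", origin: "null", data: "getDisplayName" },
];

// Run every sample event through a handler and collect what it would send back.
function runAll(handler) {
  const out = {};
  for (const e of events) out[e.label] = handler(e, state);
  return out;
}

console.log("weak:", runAll(weakHandler));
console.log("hardened:", runAll(hardenedHandler));

// Browser wiring for the hardened handler:
// window.addEventListener("message", (e) => {
//   const r = hardenedHandler(e, state);
//   if (r) e.source.postMessage(r.data, r.targetOrigin);
// });
```

The weak handler releases the session token to the lookalike origin and broadcasts the reply, while the hardened handler answers only the exact trusted origin and only with the one field it is meant to expose.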