Search This Blog

Showing posts with label JavaScript exploit. Show all posts

TikTok Android Vulnerability Identified by Microsoft 


In the TikTok Android app, Microsoft has described a high-severity weakness that might have enabled a hacker to take over an account by luring users into clicking on a link.

The bug's current identification is CVE-2022-28799. According to Microsoft, the flaw has not yet been exploited by the public, despite the app having an estimated 1.5 billion downloads on the Play Store. Microsoft advises all TikTok users on Android to upgrade the app to the most recent version while it is being patched.

In fact, Microsoft detected over 70 vulnerable JavaScript methods that, when combined with a bug to take control of WebView, might be exploited to provide the attacker's capability.

Threat actors could execute authenticated HTTP queries or access or modify the private information of TikTok users using the ways that were publicly disclosed.

In essence, attackers who would have been successful in exploiting this vulnerability might have easily:
  • Retrieved the users' authentication tokens by triggering a request to a server under their control and logging the cookie and the request headers.
  • Retrieved or modified the users' TikTok account data, including private videos and profile settings by triggering a request to a TikTok endpoint and retrieving the reply via the JavaScript callback.
"The TikTok Android app was revealed to have a WebView Hijacking vulnerability due to an unvalidated deep link on an invalid argument. Through a JavaScript interface, this may have led to account hijacking, " The HackerOne  explained in an article.

Only about a month after Microsoft first revealed the security flaw, TikTok version 23.7.3 was launched with a patch to address the CVE-2022-28799 tracking number.

Microsoft further said that "Once the targeted TikTok user clicks the hacker's specially constructed malicious link, the attacker's server is granted total access to the JavaScript bridge and can activate any accessible functionality."

The server of the attacker sends back an HTML page with JavaScript code that modifies the user's profile biography and sends video upload tokens back to the attacker.

Attackers with complete access to users' accounts could modify their profile information, send messages, upload movies, and even post private videos.

Tiktok has also fixed further security vulnerabilities that might have let hackers steal customers' personal details or take over their accounts to tamper with footage.

Horde Webmail Software has a 9-year-old Unsecure Email Theft Risk


A nine-year-old unsecure security flaw in the Horde Webmail functionality might be exploited to acquire total access to the email accounts merely by viewing an attachment. Horde Webmail is a Horde project-developed free, enterprise-ready, browser-based communication package. Universities and government institutions use this webmail option extensively. 

According to Simon Scannell, a vulnerability researcher at SonarSource, "it provides the hackers to gain access to all confidential and possibly classified documents a user has recorded in an email address and might allow them to obtain further access to an organization's internal services." 

SonarSource detected a stored Xss attack which was implemented with commit 325a7ae, which was 9 years ago. Since the commit on November 30, 2012, the bug has affected all versions. The vulnerability can be exploited by previewing a specially designed OpenOffice document and allowing a malicious JavaScript payload to be executed. The attacker can take all emails sent and received by the victim by exploiting the flaw. 
"An attacker can create an OpenOffice document which will launch a malicious JavaScript payload when converted to XHTML by Horde for preview." the report continues "When a targeted person sees an attached OpenOffice document in the browser, the vulnerability is activated." according to SonarSource experts.

Worse, if an executive account with a personalized, phishing email is successfully hacked, the attacker might use this unprecedented access to take control of the entire webmail service. Despite the vendor's confirmation of the problem, no fixes have been given to the project managers as of August 26, 2021. Horde was contacted for more comments, but none were made to address the situation.

Meanwhile, Horde Webmail users should deactivate the rendering of OpenOffice attachments by adding the 'disable' => true configuration option to the OpenOffice mime handler in the config/mime drivers.php file.

Tor Browser Bug Executes Uncalled for JavaScript Codes!

The well-known Tor is allegedly experiencing some kind of bug in its mechanism. It has hence warned the users to stay vigilant as regards to the “Tor Browser Bug”, which runs JavaScript codes on various unexpected sites.

Tor (originally Team Onion Router) is a free and open-source software which chiefly works on allowing anonymous communication to users.

Reportedly, the team has been working on a solution and would roll it out as soon as it is done, but there isn’t a particular time to expect it.

One of the most critical features for the security of the Tor Browser Bundle (TBB) happens to be the ability to block the code execution of the JavaScript, mention sources.

TBB is a browser that has a set of superior privacy features majorly for concealing real IP addresses to maintain the anonymity of online users and their devices’ locations.

Owing to these features, the browser has become a go-to for the working people, especially the journalists, citizens of repressive countries and people with political agendas because after all, it is a great instrument to dodge online censorship and firewalls.

People who are against the anonymity of the users and just can’t let things be, have in the past tried several times to expose Tor Browser users’ actual IP addresses via exploits that functioned on JavaScript code.

Sources cite that while few attempts of the better nature have been successfully employed to track down criminals, others were pretty strangely executed.

And then recently, a bug was discovered in the much appreciated TBB’s security mechanism. When the browser was set to allow the use of the most supreme security level and still permitted the execution of the JavaScript code when instead it should have barred it.

It is a relief that the team of Tor is well aware of the bug and is, with dedication working towards developing a patch for it. Per sources, they also mentioned that if a user requires to “Block JavaScript” they could always disable it entirely.

As per reports, the procedure for doing the above-mentioned is to open the “about config” and search for “javascript.enabled”. If here the “Value” column mentions “false” it means that the JavaScript is disabled and if it mentions “true” then right-click to select “Toggle” or double click on the row to disable it.