'Serious' security flaws on TikTok already fixed by ByteDance

Developer ByteDance has fixed security flaws on its video-sharing platform TikTok, after researchers at a security firm pointed them out.

The security flaws on TikTok have been addressed by its developer ByteDance after researchers from security firm Check Point found them. These flaws could have allowed hackers to add or delete videos, change privacy settings and steal personal data.

Check Point brought the security flaws to ByteDance's attention in November. TikTok announced that the flaws have been fixed and expressed gratitude to the security firm for alerting it.

In a statement, TikTok said: "Like many organisations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us."

"Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage further collaboration with security researchers," it added.

Check Point indicated that the vulnerability had existed for most of 2019 and said this would raise "serious questions" about whether any hacker had found it. The security firm also said that ByteDance had "responsibly deployed" a solution within a month of being alerted to the issue.

The security flaw was mostly centered on the way TikTok handled users' mobile phone numbers, which people must provide in order to register for the app. Check Point found that hackers could potentially access these numbers and send texts posing as TikTok.

As a result, hackers would be able to delete videos, change their settings from private to public, or upload unauthorized videos. They could also force a user to access a web server under the hackers' control, making it possible for the hackers to send unwanted requests on behalf of the user.

The vulnerability could also allow a hacker to redirect users to a malicious website pretending to be TikTok.