
Imperva Red Team Patches a Privacy Vulnerability in TikTok


The Imperva Red Team has recently identified a vulnerability in TikTok, apparently allowing threat actors to look into users’ activities over both mobile and desktop devices.

The vulnerability, which has now been patched, was the result of a window message event handler's failure to accurately verify the message's origin, providing attackers access to users’ sensitive data.

PostMessage API

The PostMessage API (also known as the HTML5 Web Messaging API) is a communication mechanism designed to permit safe cross-origin communication between windows or iframes inside a web application. It lets scripts from different origins exchange messages, relaxing the Same-Origin Policy, which normally restricts data sharing between distinct origins on the web.

The API consists of the window.postMessage() method and the message event. postMessage() sends a message from the source window to the target window or iframe, and the message event fires on the receiving side when a message arrives. During code analysis the team found a script in TikTok's web application that appeared to be involved in user tracking.

The Imperva report states that “the first step in discovering the vulnerability was to identify all the message event handlers in TikTok's web application. This involved a comprehensive analysis of the source code in locating instances where the PostMessage API was being used[…]Once all the message event handlers were identified, we proceeded to carefully read and understand the code for each handler. This allowed us to determine the purpose of each handler and evaluate the security implications of processing untrusted messages.” 

Exploiting the Vulnerability

By exploiting this vulnerability, attackers could send malicious messages to the TikTok web application through the PostMessage API, bypassing its security checks. The message event handler would then process the malicious message as if it came from a trusted source, giving the attacker access to private user data.

The vulnerability was promptly addressed after being reported to TikTok by the Imperva Red Team, and Imperva appreciated TikTok for its swift action and cooperation. This disclosure should serve as a reminder of the value of adequate message origin validation and the risks of enabling interdomain communication without the necessary security precautions.  
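To make the origin-validation point concrete, here is an added example (not Imperva's or TikTok's code) that places a message handler which trusts any sender beside one that checks event.origin against an allow-list. The allow-list entry, the guarded user state and the MessageEvent-like objects are constructed so the script runs under Node without a browser.

```javascript
// Added example (not from the original post): a message event handler that
// trusts any sender, beside one that checks event.origin against an allow-list.
// MessageEvents are simulated as plain objects so the script runs under Node.

// Assumed allow-list of origins permitted to talk to this window (hypothetical).
const TRUSTED_ORIGINS = new Set(["https://app.example.com"]);

// Data the handler guards: a constructed stand-in for per-user tracking state.
const userState = { userId: "user-123", recentActivity: ["viewed:video/42"] };

// Vulnerable pattern: the handler never looks at event.origin, so a page on any
// origin holding a reference to this window can request the data.
function handleMessageUnsafe(event) {
  if (event.data && event.data.type === "getActivity") {
    return { type: "activity", payload: userState };
  }
  return null;
}

// Hardened pattern: reject messages whose origin is not on the allow-list
// before touching event.data, so untrusted origins get no response at all.
function handleMessageSafe(event) {
  if (!TRUSTED_ORIGINS.has(event.origin)) {
    return null; // drop; a real deployment would also log this for detection
  }
  if (event.data && event.data.type === "getActivity") {
    return { type: "activity", payload: userState };
  }
  return null;
}

// Build a constructed MessageEvent-like object as the browser would deliver it.
function fakeMessageEvent(origin, data) {
  return { origin, data, source: null };
}

// Drive a handler with the same request from a trusted and an untrusted origin
// and report whether each one received the guarded data.
function runScenario(handler) {
  const trusted = handler(fakeMessageEvent("https://app.example.com", { type: "getActivity" }));
  const foreign = handler(fakeMessageEvent("https://untrusted.example.net", { type: "getActivity" }));
  return { trustedGotData: trusted !== null, foreignGotData: foreign !== null };
}

// In a real page the reply must also name its recipient explicitly, never "*":
// event.source.postMessage(reply, event.origin);
```

Running runScenario on each handler shows the unsafe one answering both origins and the safe one answering only the allow-listed origin.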

Over 2.5 Billion Google Chrome Users' Information was Breached

It is no longer necessary for a person to commute to a physical location to find information about anything they are interested in. 

Today Google can be relied on to provide relevant information about almost anything, available at the click of a button. At the same time, as cloud services are more widely adopted, the risk to data is growing and data breaches are on the rise.

With billions of users, Google Chrome is one of the most popular web browsers, and its user base keeps growing.

According to the cyber security firm Imperva Red, a vulnerability in Google Chrome and Chromium browsers could expose the data of over 2.5 billion users worldwide to the risk of theft or other harm. 

The company reports that a vulnerability tracked as CVE-2022-3656 could be exploited to steal sensitive information, such as login credentials for cloud providers and crypto wallets. The flaw was found while assessing how the browser interacts with the file system. According to the blog, the purpose of this experiment was primarily to examine how browsers handle symlinks, in search of widespread issues.

As Imperva Red explains, a symbolic link (symlink) is a kind of file that points to another file or directory. The operating system can treat a symlink as if it were the target file or directory itself, accessing it as though it were physically present at that path. According to the manual, symlinks are useful for creating shortcuts, changing the path of a file, or organizing files more flexibly.

If symlinks are not handled appropriately, however, they can also be exploited to expose vulnerabilities.

The company stated that the flaw affecting Google Chrome could have been exploited by building a fake website promoting a newly launched crypto-wallet service. Such a site could then deceive visitors into creating a new wallet and prompt them to download "recovery" keys.