Illustration: Aïda Amer/Axios TikTok says it has fixed a vulnerability that led to a rare type of cyberattack this week. Why it matters: Hackers sent a private, malware-laced message to users that took over their accounts as soon as the message was opened.

• TikTok confirmed to Axios that the unidentified hackers were able to take over CNN's account.
• Reports suggest that they also attempted to hijack Paris Hilton's TikTok account.

Threat level: It remains unclear who is behind the attack and what vulnerability the hackers exploited — but this type of attack is extremely rare and likely won't impact the average user. Driving the news: Semafor first reported the CNN account takeover, and Forbes reported Tuesday on the use of zero-click malware.

• A TikTok spokesperson added that the company is actively working with affected account owners to restore their access.

Between the lines: The TikTok accounts look a lot like zero-click spyware attacks that target high-profile government officials, political activists and journalists.

• However, the end result is different: In spyware attacks, the goal is to track users' phone calls, text messages and other activities.
• In the TikTok case, the goal was to completely take over the account.

Zoom in: It's possible the vulnerability affected how content is loaded in direct messages, Malwarebytes security researcher Pieter Arntz noted.

• Microsoft identified a vulnerability in TikTok's Android app in 2022 that could lead to one-click account hijacking — and TikTok released a fix to that flaw before it was disclosed.

文章来源：Axios

TKFFF公众号

扫码关注领【TK运营地图】

TKFFF合作，请扫码联系！