21CTO

Mar 20, 2021 · Information Security

How TikTok’s Android WebView Exposes Multiple Vulnerabilities Leading to Remote Code Execution

Egyptian security researchers discovered a chain of flaws in TikTok’s Android app—including generic WebView XSS, Add Wiki Activity XSS, intent-based component launch, a Zip Slip in Tma Test Activity, and an RCE exploit—that can be combined to achieve remote code execution, and the report details TikTok’s remediation steps.