Microsoft has disclosed a vulnerability in TikTok's Android application that let an attacker take over an account with a single click.
Reportedly, the flaw is present in both regional versions of the Android app, which together have more than 1.5 billion downloads.
"Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link. Attackers could have then accessed and modified users’ TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users."
According to the MITRE CVE entry for CVE-2022-28799, "A crafted URL (unvalidated deep link) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click."
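The bug class the MITRE entry describes, as an added illustration in Java (not TikTok's code; the activity name, deep-link query parameter and allowed hosts are assumptions): a deep-link handler that loads a caller-supplied URL into a WebView with a JavaScript interface attached, shown beside a hardened version that allowlists the scheme and host before loading.

```java
import android.app.Activity;
import android.net.Uri;
import android.os.Bundle;
import android.webkit.JavascriptInterface;
import android.webkit.WebView;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Hypothetical activity: names, deep-link parameter and hosts are assumptions, not TikTok's code.
public class DeepLinkWebViewActivity extends Activity {
    // Origins that may be rendered with the privileged bridge attached (assumed values).
    private static final Set<String> ALLOWED_HOSTS = new HashSet<>(Arrays.asList("www.example-app.com", "m.example-app.com"));

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        WebView webView = new WebView(this);
        webView.getSettings().setJavaScriptEnabled(true);
        // Every @JavascriptInterface method becomes callable by whatever page is loaded here,
        // which is why an unvalidated URL in this WebView is an account-takeover risk.
        webView.addJavascriptInterface(new AppBridge(), "AppBridge");
        setContentView(webView);
        Uri deepLink = getIntent().getData();            // e.g. myapp://open?url=... (assumed scheme)
        String target = deepLink == null ? null : deepLink.getQueryParameter("url");

        // Vulnerable pattern (the bug class in the advisory): trust the deep link as-is.
        // webView.loadUrl(target);

        // Hardened: only load URLs that pass the allowlist check; otherwise refuse the link.
        if (isTrustedUrl(target)) {
            webView.loadUrl(target);
        } else {
            finish();
        }
    }

    /** True only for https URLs whose host is exactly one of the allowed hosts. */
    static boolean isTrustedUrl(String url) {
        if (url == null) return false;
        Uri uri = Uri.parse(url);                        // never throws; unparseable input yields nulls below
        String host = uri.getHost();
        return "https".equalsIgnoreCase(uri.getScheme())
                && host != null
                && ALLOWED_HOSTS.contains(host.toLowerCase())
                && uri.getUserInfo() == null;            // also reject https://trusted@evil.example forms
    }

    private static class AppBridge {
        @JavascriptInterface
        public String appVersion() { return "1.0"; }     // placeholder bridge method
    }
}
```

Exact host matching (not `endsWith` or a substring check) and a scheme check are the two things that close the hole; a `javascript:` or `http://` URL, or a host that merely ends in the trusted domain, is rejected.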
While Microsoft claims the flaw has been fixed, it advises TikTok users with Android phones to use the most updated version of the app.