Microsoft reveals TikTok exploit enabling hackers to take over accounts

Microsoft reveals a TikTok vulnerability that affects Android users and puts their accounts at risk of hacking

Microsoft has revealed a vulnerability in TikTok that gives hackers the opportunity to take over accounts on the Android application with a simple click.

Reportedly, the flaw is present in both regional versions of the Android app, which have more than 1.5 billion downloads combined.

"Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link. Attackers could have then accessed and modified users’ TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users."

According to TikTok's MITRE database entry for CVE-2022-28799, "A crafted URL (unvalidated deep link) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click."
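The CVE text describes a deep-link URL reaching a WebView without validation. The following is an added example, not code from TikTok, Microsoft or this article, of the kind of check an app can apply to a deep-link URL before loading it into a WebView that has a JavaScript interface attached; the class name, host names and sample URLs are constructed assumptions, and it is plain Java so it runs off-device.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class DeepLinkGate {
    // Assumption: the only hosts whose pages may see the JavaScript interface.
    private static final Set<String> TRUSTED_HOSTS =
            Set.of("app.example.com", "help.example.com");

    /** True only if a deep-link URL may be loaded with the interface attached. */
    public static boolean isTrusted(String raw) {
        if (raw == null) return false;
        // URL parsers disagree on whitespace, control characters and
        // backslashes, so refuse them instead of guessing.
        for (char c : raw.toCharArray()) {
            if (c <= 0x20 || c == 0x7f || c == '\\') return false;
        }
        URI uri;
        try {
            uri = new URI(raw);
        } catch (URISyntaxException e) {
            return false;
        }
        // https only: rejects http:, javascript:, file:, intent: and similar.
        if (!"https".equalsIgnoreCase(uri.getScheme())) return false;
        // user@host authorities hide the real host from a casual reader.
        if (uri.getRawUserInfo() != null) return false;
        if (uri.getPort() != -1 && uri.getPort() != 443) return false;
        String host = uri.getHost();
        if (host == null) return false;
        // Exact match, never contains()/startsWith()/endsWith() on the raw URL.
        return TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        String[] constructedSamples = {
            "https://app.example.com/settings",
            "https://APP.example.com:443/faq",
            "http://app.example.com/settings",
            "https://app.example.com.untrusted.invalid/",
            "https://app.example.com@untrusted.invalid/",
            "https://untrusted.invalid/?next=https://app.example.com/",
        };
        for (String s : constructedSamples) {
            System.out.println((isTrusted(s) ? "LOAD   " : "REJECT ") + s);
        }
    }
}
```

On Android the same check would sit in front of `WebView.loadUrl()`, and a WebView that loads anything outside the list should have no JavaScript interface attached.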

While Microsoft claims the flaw has been fixed, it advises TikTok users with Android phones to use the latest version of the app.

 
