Microsoft 365 Defender Research Team discovers a dangerous ‘one-click’ exploit for the TikTok Android app

Attackers could have accessed and modified users' TikTok profiles and sensitive information

September 1, 2022

Microsoft spots TikTok bug that could expose private videos of millions

Tech giant Microsoft discovered a ‘high-risk vulnerability’ in the TikTok Android application, which could have allowed attackers to compromise users’ accounts with a single click.

Microsoft said in a statement, “Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link.”

Attackers could have then accessed and modified users’ TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users.

Microsoft 365 Defender Research Team has discovered a vulnerability in the TikTok app for Android that can let hackers take over private, short-form videos of millions of users once they clicked on a malicious link. The vulnerability, which would have required several issues to be chained together to exploit, has now been fixed by the Chinese company.

Performing a vulnerability assessment of TikTok, the Microsoft team determined that the issues were affecting both versions of the app for Android, which have over 1.5 billion installations combined via the Google Play Store.

After carefully reviewing the implications, a Microsoft security researcher notified TikTok of the issues.

“TikTok quickly responded by releasing a fix to address the reported vulnerability, now identified as CVE-2022-28799, and users can refer to the CVE entry for more information. TikTok users are encouraged to ensure they’re using the latest version of the app,” said Microsoft.

[With Inputs from IANS]

PGurus is now on Telegram. Click here to join our channel and stay updated with all the latest news and views

For all the latest updates, download PGurus App.