The Microsoft 365 Defender Research Team has discovered a critical vulnerability in the TikTok app for Android.
Serious vulnerability in TikTok's Android app.
Microsoft reports on its security blog this week about a "highly dangerous" vulnerability in the TikTok app for Android. The vulnerability was discovered by the Microsoft 365 Defender Research Team and has since been fixed by the app's developers. According to Microsoft, it has found no evidence that the vulnerability was exploited in the wild.
Hijack a TikTok account with just one click
The vulnerability could have been exploited by attackers to hijack a TikTok account without the owner noticing. The account holder only had to click on a specially crafted link. Anyone who fell for it would have granted the attackers access to their TikTok profile and therefore to their personal user data. With full access to the hijacked TikTok account, attackers could have published videos or sent messages on behalf of the account owner.
Vulnerability bypasses deep link verification
TikTok responded immediately
According to Microsoft, TikTok has two versions of its app: one for East and Southeast Asia and one for all other countries. The security researchers found the vulnerability in both versions, so 1.5 billion users were potentially at risk. TikTok was informed about the vulnerability in February 2022 and published a fix immediately.
“We commend the efficient and professional solution provided by the TikTok security team. TikTok users are advised to ensure they are using the latest version of the app.”