Microsoft says a high-severity TikTok Android vulnerability might have allowed account hijacking “with a simple click.”
Microsoft claimed in a blog post that a chain of weaknesses could be exploited with a single click.
“Attackers might have accessed and updated users’ TikTok profiles and sensitive information,” Microsoft said.
TikTok vulnerability
The vulnerability affected all versions of the TikTok Android app, which has been downloaded 1.5 billion times.
So the issue was with TikTok for Android’s JavaScript interfaces. Microsoft was able to compromise an account by leveraging the app’s JavaScript interfaces and Android’s URL routing.
Mercifully, researchers found no evidence the vulnerability was exploited in the wild, and the issue was corrected in February. Microsoft praised TikTok’s security team for its quick response.
Expert, cross-industry collaboration, such as that provided by the Microsoft 365 Defender Research Team’s Dimitrios Valsamaras, is essential for efficiently mitigating issues like the one they just described.
Vulnerability disclosures, coordinated response, and other types of threat information sharing are required to assist safeguard users’ computing experience across platforms and devices since “threats across platforms continue to expand in quantity and sophistication.”
Despite the fact that the patch will have already reached the vast majority of TikTok users, cautious users can rest assured that they are secured by updating to the newest version of the programme.