Microsoft has shared details today about a serious vulnerability in the TikTok for Android app that attackers could have used to hijack accounts with a single click. Microsoft disclosed the flaw to TikTok owner ByteDance, which has since patched it.
According to Microsoft, an attacker could compromise the account of any user who clicked a specially crafted link, gaining the ability to retrieve or modify that user's account data without the victim noticing. Microsoft says it is not aware of the vulnerability having been exploited in the wild.
“After carefully reviewing the implications, a Microsoft security researcher notified TikTok of the issues in February 2022, as part of our responsible disclosure policy through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR),” explained Dimitrios Valsamaras of the Microsoft 365 Defender Research Team.
TikTok patched the vulnerability less than a month after Microsoft reported it. “We commend the efficient and professional resolution from the TikTok security team. TikTok users are encouraged to ensure they’re using the latest version of the app,” Valsamaras said.
Even though TikTok has shaken up the social media landscape in recent years, the China-based social network has also been a regular subject of controversy. In addition to some TikTok trends putting children in real danger, a growing number of observers have pointed to the platform's privacy and security weaknesses.
Two months ago, a commissioner of the US Federal Communications Commission (FCC) asked Apple and Google to remove TikTok from their respective app stores, citing the “vast troves of sensitive data” TikTok collects from US users. Earlier this month, new research also showed that TikTok’s in-app browser is capable of tracking every keystroke its users type.