Microsoft has revealed details of a high-severity vulnerability in the TikTok app for Android. The Microsoft 365 Defender Research Team disclosed the now-fixed security flaw, which the company says could have allowed an attacker to take over a victim's account simply by getting them to click a malicious link.
With hundreds of millions of users around the world, TikTok is one of the most popular social platforms at the moment; the potential damage from the successful exploitation of such a vulnerability is huge.
Thankfully, as Microsoft points out, there is no evidence that the vulnerability has been exploited in the wild. This is thanks in part to the fact that, although the vulnerability has been assigned a high-severity rating, successful exploitation would require an attacker to chain several security issues together in succession.
In a blog post about the discovery, the company says:
Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users’ accounts with a single click. The vulnerability, which would have required several issues to be chained together to exploit, has been fixed and we did not locate any evidence of in-the-wild exploitation. Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link. Attackers could have then accessed and modified users’ TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users.
Microsoft goes on to explain: