Microsoft Finds TikTok Android App CVSS 8.8 Security Vulnerability Exploit

Microsoft 365 Defender researchers have uncovered a serious security flaw in the Android version of the TikTok app. This flaw could have allowed malicious actors to gain complete access to a user’s account, including all their data and personal information.

TikTok has been notified of the flaw and has already patched it in the latest version of the app. However, if you are using an older version of TikTok, we recommend updating to the latest version as soon as possible to protect your account.

On Wednesday, Microsoft 365 Defender researchers reported a concerning security flaw in the Android version of the popular video-sharing app, TikTok. The vulnerability could have given malicious actors access to every aspect of a user’s account, had they exploited it.


Which TikTok version was impacted by its Android app security bug?

Version 23.7.3 of TikTok contains a security issue that affects two flavors of its Android app:

  • com.zhiliaoapp.musically

Attackers could have leveraged the vulnerability to hijack an account without the user's awareness if the targeted user simply clicked a specially crafted link.


CVE-2022-28799 affects the app's handling of deeplinks. A deeplink is a hyperlink that lets one app open a specific resource inside another app installed on the device. The vulnerability could potentially allow attackers to gain access to sensitive information. The CVSS score for this vulnerability is 8.8, which indicates that it is a high-severity issue.
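Because deeplinks carry attacker-controllable input into the app, the defensive point for developers is that any URL or resource name taken from a deeplink must be validated strictly before the app acts on it. The following added example is not TikTok's code and does not describe the exact root cause of CVE-2022-28799; it models the general pattern in Python for an app that accepts a target URL inside a custom-scheme deeplink (the `myapp://` scheme, the `url` parameter and the `example.com` allowlist are assumptions constructed for this illustration). It shows a weak substring-based check beside a strict parsed-hostname check so the difference can be exercised directly.

```python
"""Added example (not from the original article or the TikTok project):
strict validation of a URL carried inside a deeplink.

Models the defensive pattern only; the assumed deeplink format is
myapp://open?url=<percent-encoded target URL>.
"""
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Hosts and schemes the app is willing to load content from.
# Constructed for this example; a real app would list its own domains.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
ALLOWED_SCHEMES = {"https"}


def extract_target(deeplink: str) -> Optional[str]:
    """Return the 'url' parameter from a myapp:// deeplink, or None.

    Only the assumed custom scheme is accepted; anything else is ignored
    so that ordinary web links cannot masquerade as app deeplinks.
    """
    parts = urlparse(deeplink)
    if parts.scheme.lower() != "myapp":
        return None
    values = parse_qs(parts.query).get("url")
    return values[0] if values else None


def weak_is_trusted(target: str) -> bool:
    """Illustrative weak check: a substring match on the raw string.

    This accepts any URL that merely *contains* an allowed hostname,
    including look-alike hosts, which is why it must not be used.
    """
    return any(host in target for host in ALLOWED_HOSTS)


def strict_is_trusted(target: str) -> bool:
    """Parse the URL and require an exact scheme and hostname match."""
    try:
        parts = urlparse(target)
    except ValueError:
        # Malformed URL (e.g. bad IPv6 literal): never trust it.
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = (parts.hostname or "").lower()
    return host in ALLOWED_HOSTS


def resolve_deeplink(deeplink: str) -> Optional[str]:
    """Return the URL the app may load for this deeplink, or None.

    This is the function an app would call before loading anything;
    untrusted targets are dropped rather than opened.
    """
    target = extract_target(deeplink)
    if target is None or not strict_is_trusted(target):
        return None
    return target


if __name__ == "__main__":
    # Constructed sample deeplinks: one legitimate, one with a look-alike host.
    samples = [
        "myapp://open?url=https%3A%2F%2Fexample.com%2Fvideo%2F1",
        "myapp://open?url=https%3A%2F%2Fexample.com.evil.test%2Fvideo%2F1",
    ]
    for link in samples:
        target = extract_target(link) or ""
        print(f"{link}\n  weak={weak_is_trusted(target)} "
              f"strict={strict_is_trusted(target)} "
              f"resolved={resolve_deeplink(link)}")
```

The difference the example isolates is that `weak_is_trusted` reasons about the raw string, while `strict_is_trusted` reasons about the parsed hostname; only the latter gives a decision that corresponds to where the request would actually go. In a real Android app the same principle applies to every value read from an incoming Intent's data URI, whether it names a web page, a file, or an in-app screen.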


What could have been the impact of TikTok Android App Vulnerability?

This security loophole on the TikTok app for Android devices could have allowed malicious actors to access private videos, send messages to friends or strangers, and even upload videos to user accounts without their knowledge.

