New Delhi, Sep 1: The Microsoft 365 Defender Research Team has discovered a security flaw in the TikTok application for Android that could allow hackers to access private, short-form video clips of millions of users after they clicked on a malicious link. Microsoft found a high-severity vulnerability in the TikTok Android app that could have allowed attackers to take over users' accounts with just one click.
The vulnerability, which would have required several issues to be chained together to exploit, has been patched by the Chinese company.
“Attackers could have exploited this vulnerability to steal accounts without users' knowledge when a targeted user clicked on a specially-crafted URL,” the tech giant said in a statement on Wednesday.
Attackers could have accessed and altered users’ TikTok profiles and sensitive information, for example by posting private videos, sending messages and uploading files on behalf of users.
TikTok offers two versions of its Android app: one designed for East and Southeast Asia and another for other countries.
While conducting a vulnerability analysis of TikTok, the Microsoft team found that the vulnerabilities affected both versions of the app for Android and iOS, which have more than 1.5 billion downloads combined through the Google Play Store.
After carefully reviewing the implications, a Microsoft security researcher alerted TikTok to the problems.
“TikTok immediately responded by publishing a fix for the reported vulnerability, which is now identified as CVE-2022-28799, and users are able to look up the CVE entry for more details,” said Microsoft.
TikTok users are advised to make sure they’re using the most recent version of the application, the company said.