A vulnerability in the TikTok app could have allowed accounts to be taken over
- Microsoft found no indication that the vulnerability was exploited.
- The defect would have been present in all versions of the application.
According to Microsoft, a high-severity vulnerability in the TikTok Android app could have allowed accounts to be taken over “with a single click”.
In an article published on the Microsoft Security Blog, the company claimed that a chain of issues could have been exploited to create a scenario in which an account could be compromised with a single click on a carefully crafted link.
“Attackers may have accessed and modified users’ TikTok profiles and sensitive information, such as posting private videos, sending messages, and uploading videos on behalf of users,” Microsoft added.
The flaw was reportedly present in all versions of the TikTok Android client, which have been downloaded over 1.5 billion times.
Fortunately, researchers found no indication that the vulnerability was being exploited in the wild, and the issue was patched quickly after it was reported in February. According to Microsoft, TikTok’s security team should be applauded for their quick and effective response.
“This case demonstrates how the ability to coordinate threat intelligence gathering and sharing through expert, cross-industry collaboration is necessary to effectively mitigate issues,” explained Dimitrios Valsamaras of the Microsoft 365 Defender Research Team.