A high-severity vulnerability in the TikTok Android application could have allowed accounts to be hijacked “with a single click”, Microsoft has revealed.
In a paper published to the Microsoft Security blog, the company reported that a chain of issues could have been abused to create a scenario whereby an account could be compromised with a single press of a specially crafted link.
“Attackers could have then accessed and modified users’ TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users,” explained Microsoft.
TikTok security bug
The vulnerability in question is said to have been present in all versions of the TikTok Android client, which have collectively been installed more than 1.5 billion times.
Mercifully, the researchers did not discover any evidence the vulnerability was exploited in the wild – and the issue was patched shortly after the issue was disclosed back in February. According to Microsoft, the TikTok security team should be commended for the swiftness and efficiency of its response.
“This case displays how the ability to coordinate research and threat intelligence sharing via expert, cross-industry collaboration is necessary to effectively mitigate issues,” said Dimitrios Valsamaras, of the Microsoft 365 Defender Research Team.
“As threats across platforms continue to grow in numbers and sophistication, vulnerability disclosures, coordinated response, and other forms of threat intelligence sharing are needed to help secure users’ computing experience, regardless of the platform or device in use.”
Although the patch will already have made its way to the majority of TikTok-ers, concerned users can guarantee they are protected by updating their app to the latest version.
Add an extra layer of protection to your accounts with the best security keys