TikTok users on Android are being urged to ensure their app is up to date, after Microsoft discovered and fixed a “high-severity vulnerability.”
On August 31, the Microsoft 365 Defender Research Team revealed that they had discovered a “high-severity vulnerability” in the TikTok app for Android, which they say potentially could have allowed attackers to compromise people’s accounts with just one click.
They explained that although they found no evidence of “in-the-wild exploitation” of the vulnerability, attackers could have modified users’ profiles and sensitive account information if the user clicked on a “specially crafted link,” allowing potential attackers to post private videos and send messages.
Microsoft explained: “The vulnerability allowed the app’s deeplink verification to be bypassed. Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers.”
TikTok is one of the most popular platforms in the world.
They notified TikTok of the vulnerability, which was rated as high severity with a score of 8.3, through Coordinated Vulnerability Disclosure in February 2022, as part of their responsible disclosure policy.
TikTok responded by releasing a fix to address the vulnerability, which has been identified as CVE-2022-28799, “in an updated version of the app released less than a month after the initial disclosure.”
Microsoft wrote: “We commend the efficient and professional resolution from the TikTok security team. TikTok users are encouraged to ensure they’re using the latest version of the app.”
They went on to advise users not to click on links from untrusted sources, to keep their devices and applications up to date, and to “immediately report any strange application behavior to the vendor, such as setting changes triggered without user interaction.”
If you need more information on how to update your TikTok app on both iPhone and Android, you can check out our guide here.