Skip to content
Cirrkus News Logo
  • Home
  • Entertainment
  • Culture
  • Fashion
  • Trends
  • Music
  • Technology
  • Celebrities
  • Tips
  • About Us
  • Contact Us
  • Privacy Policy
  • Home
  • News
  • A ‘high severity’ TikTok vulnerability allowed one-click account hijacking

A ‘high severity’ TikTok vulnerability allowed one-click account hijacking

August 31, 2022 Cirrkus
A ‘high severity’ TikTok vulnerability allowed one-click account hijacking

A vulnerability in the TikTok app for Android could have let attackers take over any account that clicked on a malicious link, potentially affecting hundreds of millions of users of the platform.

Details of the one-click exploit were revealed today in a blog post from researchers on Microsoft’s 365 Defender Research Team. The vulnerability was disclosed to TikTok by Microsoft, and has since been patched.

The bug and its resulting attack, labelled a “high severity vulnerability,” could have been used to hijack the account of any TikTok user on Android without their knowledge, once they clicked on a specially crafted link. After the link was clicked, the attacker would have access to all primary functions of the account, including the ability to upload and post videos, send messages to other users, and view private videos stored in the account.

The potential impact was huge, as it affected all global variants of the Android TikTok app, which has a total of more than 1.5 billion downloads on the Google Play Store. However, there’s no evidence it was exploited at scale. Researchers involved with the discovery and disclosure praised TikTok for a quick response.

“We gave them information about the vulnerability and collaborated to help fix this issue” Tanmay Ganacharya, partner director for security research at Microsoft Defender for Endpoint, told The Verge. “TikTok responded quickly, and we commend the the efficient and professional resolution from the security team.”

According to details published in the blog post, the vulnerability affected the deep link functionality of the Android app. This deep link handling tells the operating system to let certain apps process links in a specific way, such as opening the Twitter app to follow a user after clicking an HTML “Follow this account” button embedded in a webpage.

This link handling also includes a verification process that should restrict the actions performed when an application loads a given link. But the researchers found a way to bypass this verification process and execute a number of potentially weaponizable functions within the app.

One of these functions let them retrieve an authentication token tied to a certain user account, effectively granting account access without the need to enter a password. In a proof-of-concept attack, the researchers crafted a malicious link that, when clicked, changed a TikTok account’s bio to read “SECURITY BREACH.”

A screenshot of a compromised account.
Microsoft

Fortunately, the vulnerability was detected, and Microsoft has used the opportunity to stress the importance of collaboration and coordination between technology platforms and vendors.

“As threats across platforms continue to grow in numbers and sophistication, vulnerability disclosures, coordinated response, and other forms of threat intelligence sharing are needed to help secure users’ computing experience, regardless of the platform or device in use,” wrote Microsoft’s Dimitrios Valsamaras in the blog post. “We will continue to work with the larger security community to share research and intelligence about threats in the effort to build better protection for all.”

Although the TikTok app is not known to have suffered any major hacks so far, some critics have branded it a security risk for other reasons.

Recently, concerns have been raised over the extent to which US users’ data can be accessed by China-based engineers at ByteDance, TikTok’s parent company. In July, Senate Intelligence Committee leaders called on FTC chair Lina Khan to investigate TikTok after reports brought into question claims that US users’ data was walled off from the Chinese branch of the company.

TikTok had not responded to questions from The Verge by time of publication.

Share This Article


Culture, News, TechnologyAccount, Allowed, Apps, downloads, google play, High, hijacking, Microsoft, oneclick, severity, TikTok, vulnerability

Post navigation

Previous Previous post: SUICIDE SILENCE Shares New Single ‘You Must Die’
Next Next post: Now you can watch Paramount Plus and Showtime in a single app

Recommended For You

  • Jake Anderson Net Worth | Celebrity Net Worth →

    Jake Anderson Net Worth | Celebrity Net Worth

  • Juanes Shares New Single, ‘Cuando Estamos Tú Y Yo’ →

    Mariah Carey - The Emancipation Of Mimi

  • Former Google CEO Eric Schmidt Pays $110 Million For Spelling Manor →

    Former Google CEO Eric Schmidt Pays $110 Million For Spelling Manor

  • Keith Colburn Net Worth | Celebrity Net Worth →

    Keith Colburn Net Worth | Celebrity Net Worth

  • Jonathan Hillstrand Net Worth | Celebrity Net Worth →

    Jonathan Hillstrand Net Worth | Celebrity Net Worth

Latest

  • Erik Menendez Back In Prison After Hospitalization For Kidney Stone Surgeries →

    erik-menendez-getty-1

  • Fruit-Lovin’ Stars … So Dang Juicy! →

    Fruit-Lovin' Celebs

  • Steve Ballmer Wasn’t Given Equity When He Joined Microsoft. Today He’s The Fifth Richest Person On Earth (Bill Gates Is #12) →

    Steve Ballmer Wasn't Given Equity When He Joined Microsoft. Today He's The Fifth Richest Person On Earth (Bill Gates Is #12)

  • Today Microsoft’s Market Cap Hit $4 Trillion. Bill Gates Should Be Worth $1.4 Trillion. Instead, He Took Warren Buffett’s Horrendous Advice →

    Today Microsoft's Market Cap Hit $4 Trillion. Bill Gates Should Be Worth $1.4 Trillion. Instead, He Took Warren Buffett's Horrendous Advice

  • Captain Phil Harris Net Worth →

    Captain Phil Harris

Entertainment

  • Brooklyn Mirage Closure Will Extend to 2026, Anonymous Employee Claims →

    Brooklyn Mirage Closure Will Extend to 2026, Anonymous Employee Claims

  • Andy Hillstrand Net Worth | Celebrity Net Worth →

    Andy Hillstrand Net Worth | Celebrity Net Worth

  • Heidi Klum Parties Hard With Husband Tom Kaulitz on Wedding Anniversary →

    heidi-klum-getty-ig-1

Fashion

  • Khloe Kardashian accused of Photoshop fail as fans slam ‘horrifying’ effect →

  • Love Island USA’s Huda Mustafa eyes up Hollywood movie career after leaving fans stunned with sexy dancing on show →

  • Cortez Smith Talks ‘The Chi’, Nuck’s Season 7 Character Arc →

    The Chi Season 6

Culture

  • Dave Edmunds, 81, fighting for life after ‘major’ cardiac arrest →

    Dave Edmunds, 81, fighting for life after 'major' cardiac arrest

  • How Do You Know Trader Joe’s Chicken Is Bad? →

    How Do You Know Trader Joe's Chicken Is Bad?

  • Celebrity Style Evolutions: 14 Stars Who Transformed Their Look Over the Years | Celebrity Style, Celebrity Transformations, EG, evergreen, Harry Styles, Kim Kardashian, Kylie Jenner, Lady Gaga, Miley Cyrus, Rihanna, Selena Gomez, Slideshow, Style Evolution, Taylor Swift, Timothee Chalamet, Zendaya | Just Jared: Celebrity News and Gossip →

    Zendaya

Cirrkus

ABOUT US

CONTACT US

PRIVACY

Copyright © 2025 Cirrkus News. All rights reserved.
Magazine Plus by WEN Themes