A high-severity vulnerability in the TikTok Android app, discovered and reported by Microsoft, has been fixed. The flaw could have enabled attackers to take over user accounts by tricking a user into clicking a malicious link.
Successful exploitation of the TikTok flaw would have required several issues to be chained together, Microsoft said. Fortunately, no evidence of in-the-wild exploitation has been found so far. “Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link,” the company noted.
Once an account had been hijacked, attackers would have been able to modify the victim’s TikTok profile and access sensitive account details. The flaw could have been used to make private videos public, send messages, and upload videos on behalf of the compromised account.
CVE-2022-28799: Technical Overview
After carrying out a vulnerability assessment of TikTok, the researchers determined that the vulnerability affected both flavors of TikTok for Android, which together account for more than 1.5 billion installations via the Google Play Store. Following the disclosure, TikTok quickly released a fix for CVE-2022-28799. Because the fix is delivered as an app update, TikTok users should ensure that they are running the latest version of the app.