The Microsoft 365 Defender Research Team recently found a flaw in the TikTok Android app that could have exposed the private videos of millions of users on the platform once they clicked a link. The link redirected users to a malicious web page. The flaw has since been patched.
The bug, which Microsoft discovered in TikTok's Android application, could have put users' short-form videos and private data at high risk, exposing that data in a single click. TikTok has now fixed it.
“Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link,” Microsoft said.
Attackers could have accessed and modified individual accounts: publishing private videos, uploading videos, or sending messages to the target's connections. TikTok has two official versions of its app, one solely for East and Southeast Asian countries and one for the rest of the world. According to Microsoft, the bug affected both versions.
After reviewing the bug, Microsoft contacted TikTok and reported it.
“TikTok quickly responded by releasing a fix to address the reported vulnerability, now identified as CVE-2022-28799, and users can refer to the CVE entry for more information,” Microsoft said. TikTok users should make sure they are running the latest version of the app.