The Microsoft 365 Defender Research Team has found a vulnerability in the TikTok app for Android that could let hackers take over private, short-form videos of thousands and thousands of users after they clicked on a malicious link.
Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users' accounts with a single click. The vulnerability, which would have required several issues to be chained together to exploit, has now been fixed by the Chinese company.
“Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link,” the tech giant said in a statement late on Wednesday.
Attackers could then have accessed and modified users’ TikTok profiles and sensitive information, including by publicizing private videos, sending messages, and uploading videos on behalf of users.
TikTok has two versions of its Android app: one for East and Southeast Asia and another for the remaining countries.
Performing a vulnerability assessment of TikTok, the Microsoft team determined that the issues were affecting both versions of the app for Android, which have over 1.5 billion installations combined through the Google Play Store.
After carefully reviewing the results, a Microsoft security researcher notified TikTok of the issues.
“TikTok quickly responded by releasing a fix to address the reported vulnerability, now identified as CVE-2022-28799, and users can refer to the CVE entry for more information,” said Microsoft.