Microsoft found a problem in TikTok that might expose millions of users’ private footage

By Somya Agrawal Published on September 1, 2022, 14:04 IST

According to research conducted by Microsoft 365, Defender Research TeamA flaw in the TikTok app for Android might allow hackers to take control of millions of users’ private, short-form movies if they clicked on a malicious link. Microsoft discovered a high-severity flaw in the TikTok Android app that could have allowed attackers access to users’ accounts with just one click.

Since then, the Chinese company has addressed the vulnerability, which required a series of issues to get exploited. The internet giant claimed in a statement late on Wednesday that if a targeted user simply clicked a specially designed link, attackers might have used the flaw to hijack an account without users’ awareness.

After then, attackers might have acquired access to users’ TikTok accounts and sensitive information and changed it, for instance by posting videos, sending messages, or making public-private movies on users’ behalf. TikTok has two variations of its Android app for users in East and Southeast Asia and the rest countries.

The TikTok vulnerability assessment was performed by the Microsoft team, and it was discovered that both Android versions of the app—which had received over 1.5 billion downloads from the Google Play Store—were affected by the issues.

A professional Microsoft security researcher carefully thought through the repercussions and alerted TikTok to the issues. TikTok promptly released a remedy to address the discovered vulnerability, which is now known as CVE-2022-28799, according to Microsoft. For more information, users can refer to the CVE entry.

It went on to advise TikTok users to make sure they are using the latest updated version of the program.