Android TikTok users urged to update app after ‘high-severity vulnerability’ discovered

TikTok users on Android are urged to ensure their app is up to date, after Microsoft discovered a “high-severity vulnerability” that has since been patched.

On August 31, the Microsoft 365 Defender research team revealed that it had discovered a “high-severity vulnerability” in the TikTok app for Android, which it said potentially allowed attackers to compromise people’s accounts with just one click.

They explained that although they found no evidence of the vulnerability being exploited “in the wild”, attackers could have modified user profiles and sensitive account information if the user clicked on a “specially crafted link”, allowing potential attackers to post private videos and send messages.

Microsoft explained, “The vulnerability allowed the application’s deep link check to be bypassed. Attackers could force the application to load an arbitrary URL into the application’s WebView, allowing the URL to then access JavaScript bridges attached to the WebView and grant attackers functionality.”
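For developers, the defensive pattern this class of bug calls for is a strict check on any deep-link URL before it reaches a WebView that exposes a JavaScript bridge. The sketch below is an added illustration, not code from TikTok or Microsoft and not the app's actual check; the host names and sample URLs are hypothetical, and it uses only `java.net.URI` so it runs on a plain JVM.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class DeepLinkUrlCheck {
    // Hypothetical allowlist: the only hosts whose pages may reach the JavaScript bridge.
    private static final Set<String> TRUSTED_HOSTS =
            Set.of("app.example.com", "help.example.com");

    /** True only if the URL may be loaded in a WebView that exposes a JavaScript bridge. */
    static boolean isTrustedForBridge(String rawUrl) {
        if (rawUrl == null) return false;
        final URI uri;
        try {
            uri = new URI(rawUrl.trim());
        } catch (URISyntaxException e) {
            return false; // unparseable input is rejected, never "repaired"
        }
        // HTTPS only: rules out http:, javascript:, file:, data:, content: and relative URLs.
        if (!"https".equalsIgnoreCase(uri.getScheme())) return false;
        // No userinfo: in "https://app.example.com@other.test/" the host is other.test.
        if (uri.getRawUserInfo() != null) return false;
        // getHost() is null for opaque URIs and authorities the parser cannot split.
        String host = uri.getHost();
        if (host == null) return false;
        // Default HTTPS port only.
        if (uri.getPort() != -1 && uri.getPort() != 443) return false;
        // Exact match on the parsed host; substring or suffix tests accept lookalike domains.
        return TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the vulnerability report.
        List<String> samples = List.of(
                "https://app.example.com/profile",
                "HTTPS://APP.EXAMPLE.COM/help?x=1",
                "http://app.example.com/profile",
                "https://app.example.com.other.test/",
                "https://app.example.com@other.test/",
                "https://app.example.com:8443/",
                "javascript:void(0)",
                "//app.example.com/profile");
        for (String s : samples) {
            System.out.println((isTrustedForBridge(s) ? "LOAD   " : "REJECT ") + s);
        }
    }
}
```

In an Android app the same check would also have to run on every later navigation and redirect, for example from `WebViewClient.shouldOverrideUrlLoading`, because a trusted first page can forward the WebView elsewhere.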


They notified TikTok of the vulnerability, which was classified as High Severity with a score of 8.3, through Coordinated Vulnerability Disclosure in February 2022, as part of their Responsible Disclosure Policy.

TikTok responded by releasing a patch to fix the vulnerability, which was identified as CVE-2022-28799, “in an updated version of the app released less than a month after the initial disclosure.”

Microsoft wrote, “We commend the effective and professional resolution by TikTok’s security team. TikTok users are encouraged to ensure they are using the latest version of the app.”

They then advised users not to click on links from untrusted sources, to keep their devices and apps up-to-date, and to “immediately report any strange app behavior to the provider, such as settings changes triggered without user interaction”.

If you need more information on how to update your TikTok app on iPhone and Android, you can check out our guide here.

About Shelly Evans
