A ‘high severity’ vulnerability has been discovered in the short video service TikTok that could allow attackers to gain access to a user’s account with a single click of the mouse.
The vulnerability was discovered in the TikTok app for Android by the Microsoft 365 Defender Research Team, which shared details about it on its blog. All a user had to do was click on a malicious link, and the attacker gained control of their account with the ability to upload and post videos, send messages to other users, and view private videos stored on the account.
Microsoft notified TikTok of the vulnerability, which affected the deep linking functionality of the Android app, and the service quickly patched it. ‘TikTok responded quickly, and we appreciate the efficient and professional solution of the security team,’ Tanmay Ganacharya, partner director of security research at Microsoft Defender for Endpoint, told The Verge.
TikTok spokeswoman Maureen Shanahan noted that the TikTok Android app has been downloaded more than 1.5 billion times on the Google Play Store, so the damage from this vulnerability could potentially be huge. However, there is no evidence that anyone has exploited this bug.