Microsoft spots TikTok bug that could expose private videos of millions

by IANS |

New Delhi, Sep 1 (IANS) Microsoft 365 Defender Research Team has discovered a vulnerability in the TikTok app for Android that can let hackers take over private, short-form videos of millions of users once they clicked on a malicious link.

Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users' accounts with a single click.

The vulnerability, which would have required several issues to be chained together to exploit, has now been fixed by the Chinese company.

"Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," the tech giant said in a statement late on Wednesday.

Attackers could have then accessed and modified users' TikTok profiles and sensitive information, such as by publicising private videos, sending messages, and uploading videos on behalf of users.

TikTok has two versions of its Android app: one for East and Southeast Asia and another for the remaining countries.

Performing a vulnerability assessment of TikTok, the Microsoft team determined that the issues were affecting both versions of the app for Android, which have over 1.5 billion installations combined via the Google Play Store.

After carefully reviewing the implications, a Microsoft security researcher notified TikTok of the issues.

"TikTok quickly responded by releasing a fix to address the reported vulnerability, now identified as CVE-2022-28799, and users can refer to the CVE entry for more information," said Microsoft.

TikTok users are encouraged to ensure they're using the latest version of the app, it added.

Latest News
Kanwar Yatra: Cong slams 'name display' order to eateries as move to boycott Muslims, Dalits Thu, Jul 18, 2024, 04:14 PM
Rajasthan Education Minister apologises for his tribal remarks Thu, Jul 18, 2024, 04:12 PM
S Korea: Over 10,000 trainee doctors likely to end up leaving hospitals Thu, Jul 18, 2024, 04:11 PM
Maha govt staff asks CM to act strongly against trainee IAS officer, warns of stir Thu, Jul 18, 2024, 04:09 PM
Cambodian PM says landmines, ERWs still pose risk to over 1 mn people Thu, Jul 18, 2024, 04:04 PM
IIT Mandi team conducts comprehensive life cycle assessment of solar cell technologies Thu, Jul 18, 2024, 04:02 PM
Sensex, Nifty touch all-time record highs amid renewed IT stock buying Thu, Jul 18, 2024, 04:01 PM
ISL: Punjab FC extend contract with Luka Majcen for upcoming season Thu, Jul 18, 2024, 04:00 PM
Oommen Chandy remembered on first death anniversary Thu, Jul 18, 2024, 03:57 PM
Calcutta HC directs Bengal Police to submit cases diaries against LoP Thu, Jul 18, 2024, 03:57 PM
Thieves decamp after stealing watches worth Rs 25 lakh in Thane Thu, Jul 18, 2024, 03:52 PM
ED forcing accused to name CM & Dy CM in tribal welfare case to destabilise Karnataka govt: Congress Thu, Jul 18, 2024, 03:22 PM
How this common chemotherapy drug can raise risk of severe damage to heart Thu, Jul 18, 2024, 03:19 PM
Elon Musk bats for CO2 tax to tackle climate change crisis Thu, Jul 18, 2024, 02:26 PM
Study shows birth outcome of freezing eggs as effective as regular IVF Thu, Jul 18, 2024, 02:16 PM