Microsoft spots TikTok bug that could expose private videos of millions


New Delhi, Sep 1 (IANS): Microsoft 365 Defender Research Team has discovered a vulnerability in the TikTok app for Android that can let hackers take over private, short-form videos of millions of users once they clicked on a malicious link.

Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users' accounts with a single click.

The vulnerability, which would have required several issues to be chained together to exploit, has now been fixed by the Chinese company.

"Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," the tech giant said in a statement late on Wednesday.

Attackers could have then accessed and modified users' TikTok profiles and sensitive information, such as by publicising private videos, sending messages, and uploading videos on behalf of users.

TikTok has two versions of its Android app: one for East and Southeast Asia and another for the remaining countries.

Performing a vulnerability assessment of TikTok, the Microsoft team determined that the issues were affecting both versions of the app for Android, which have over 1.5 billion installations combined via the Google Play Store.

After carefully reviewing the implications, a Microsoft security researcher notified TikTok of the issues.

"TikTok quickly responded by releasing a fix to address the reported vulnerability, now identified as CVE-2022-28799, and users can refer to the CVE entry for more information," said Microsoft.

TikTok users are encouraged to ensure they're using the latest version of the app, it added.

 

  

Top Stories


Leave a Comment

Title: Microsoft spots TikTok bug that could expose private videos of millions



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.