How this security bug exposed the TikTok Android app
How this vulnerability could’ve been misused
According to the blog, hackers exploiting this vulnerability could have accessed accounts with a single click by the user. The blog also mentions that attackers could have distributed a compromised link through email or other online messaging services.
A single tap on such a link would have allowed hackers to access the victim’s TikTok account, immediately compromising it. Cyber attackers could have used this vulnerability to publicise private videos, send messages and upload videos on the victims’ behalf.
How TikTok reacted to this security bug
Microsoft’s 365 Defender Research Team spotted the security bug for the first time in February and reported it to TikTok for redressal. The Chinese social media company claimed to have fixed this vulnerability and believes that none of the accounts was compromised.
Microsoft also confirmed through the blog that the vulnerability has been fixed and that the company couldn’t locate “any evidence of in-the-wild exploitation.” Furthermore, TikTok has claimed that there was “no evidence” of the bug being exploited by cyber attackers.
How users can stay safe
The blog also suggests that most TikTok users on Android have already received the patch. However, users who are unsure of their security should update their app to the latest version. Users should also try to verify the sender before clicking on a link sent from an unknown email address or phone number.