
Microsoft Found a One-Click Exploit in TikTok App


Microsoft recently discovered a one-click exploit (now patched) in the TikTok Android app. According to the company, the “high severity vulnerability” enabled hackers to take over accounts as soon as a victim clicked a malicious link.

One-Click Vulnerability in TikTok Android App

Dimitrios Valsamaras, from the Microsoft 365 Defender Research Team, noted in a write-up, “Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link.”

Therefore, malicious actors could have used the one-click exploit to access users’ profiles and sensitive data on TikTok. In addition, the hackers could have used the flaw to modify TikTok profiles, gain unauthorized access to private videos, and even send messages and upload videos on the victims’ behalf.

Furthermore, Microsoft uncovered the issue in version 23.7.3 of TikTok, and it affected both variants of the Android app: com.ss.android.ugc.trill (used in East and Southeast Asia) and com.zhiliaoapp.musically (used in all other countries except India, where TikTok is banned). Combined, the two variants have over 1.5 billion installations.

Hence, thanks are due to Microsoft, which discovered the flaw early and informed TikTok of the problem. As a result, the social media platform promptly issued a patch for the vulnerability, preventing any harm to more than a million users’ sensitive data on the app.

More Details About the Security Flaw

Microsoft tracked the vulnerability as CVE-2022-28799, with a CVSS (Common Vulnerability Scoring System) score of 8.8. The company explained that it relates to the TikTok app’s handling of deep links. A deep link is a special hyperlink that lets an app open a specific resource within another app installed on the device, instead of directing the user to a website.

In addition, the one-click exploit enabled attackers to get around the app’s restriction that rejects untrusted hosts, so they could load any website of their choice via the Android System WebView. WebView is the system component that displays web content inside other apps.
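The two paragraphs above describe the control that failed: a deep link carries a URL into the app, and the app must decide whether that URL is trusted before handing it to a WebView. The following is an added example, not TikTok’s code and not Microsoft’s write-up, that contrasts a loose host check with a strict one. It uses plain java.net.URI so it runs outside Android; the hosts in the allowlist and the sample links are constructed placeholders. An Android app would apply the same logic to the URL taken from the incoming Intent, using android.net.Uri’s getScheme() and getHost().

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

/**
 * Added example (not TikTok's code): validating the host of a deep link
 * before it is allowed to load in an app's WebView.
 */
public class DeepLinkHostCheck {

    // Constructed allowlist: the only hosts this app is willing to load in its WebView.
    private static final Set<String> TRUSTED_HOSTS =
            Set.of("www.example-app.com", "m.example-app.com");

    /** Loose check: a substring test on the raw string. Shown only to contrast with the strict one. */
    static boolean looseIsTrusted(String url) {
        return url.contains("example-app.com");
    }

    /** Strict check: parse the URL, require https, and compare the exact host to the allowlist. */
    static boolean strictIsTrusted(String url) {
        URI uri;
        try {
            uri = new URI(url);
        } catch (URISyntaxException e) {
            return false; // unparseable input is rejected rather than loaded "best effort"
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null) {
            return false; // relative links and scheme-less strings never reach the WebView
        }
        if (!scheme.equalsIgnoreCase("https")) {
            return false; // no cleartext, and no custom schemes that a WebView might interpret
        }
        // Exact, case-insensitive match: no suffix, prefix or substring matching on the host.
        return TRUSTED_HOSTS.contains(host.toLowerCase());
    }

    public static void main(String[] args) {
        // Constructed sample links: only the first should be loaded.
        String[] samples = {
            "https://www.example-app.com/video/123",
            "https://example-app.com.lookalike.test/",
            "https://lookalike.test/?next=example-app.com",
            "http://www.example-app.com/",
        };
        for (String s : samples) {
            System.out.printf("%-48s loose=%-5b strict=%b%n",
                    s, looseIsTrusted(s), strictIsTrusted(s));
        }
    }
}
```

Run it with `java DeepLinkHostCheck.java` (Java 11 or later). The loose check accepts every sample because the trusted name appears somewhere in the string; the strict check accepts only the first, because the decision is made on the parsed scheme and host, not on the text of the link. Logging the rejected URLs, as the loop above prints them, is also the simplest telemetry for spotting a campaign that probes a deep-link handler.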

Hence, data thieves could have used this vulnerability to access user accounts with little effort. Thankfully, TikTok issued an immediate patch, saving the millions of users of the TikTok Android app from becoming victims.

By Awanish Kumar

I keep abreast of the latest technological developments to bring you unfiltered information about gadgets.
