According to Engadget, a report from Microsoft’s 365 Defender research group detailed how hackers could attack users with one click, an issue the company reported to TikTok in February. The media service provider then quickly patched the vulnerabilities before Microsoft disclosed them, and Microsoft said it had no evidence that the vulnerability was exploited by anyone.
Android users need to update to the latest version of the TikTok app
“We provided them with information about the vulnerability and worked together to help fix it,” said Microsoft security researcher Tanmay Ganacharya. “TikTok responded quickly and we commend the efficient and professional resolution from their security team.”
Microsoft says the vulnerability is related to TikTok’s deep linking functionality. On Android, developers can program their apps to handle certain URLs in specific ways. For example, when a user taps on a Twitter embed in Chrome, the Twitter app automatically opens on their phone.
However, Microsoft found a way to bypass the verification process that TikTok had put in place to restrict deep links from performing certain actions. The researchers later discovered that they could use that vulnerability to gain access to all major account functions, including the ability to post content and message other TikTok users. The vulnerability was present in both global versions of the TikTok app for Android, which have over 1.5 billion downloads, so the potential impact would have been significant had TikTok not fixed it.
Microsoft recommends that all TikTok users on Android download the latest version of the app as soon as possible. Users are also advised not to download apps from external sources, to avoid modified APK files.