Microsoft’s 365 Defender research team revealed that it found a “high severity” security flaw in TikTok’s Android app that put hundreds of millions of users at risk of having their accounts compromised.
The flaw lets an attacker take over an account simply by getting the user to open a link. The 365 Defender team tested this and was able to build a link that gave them access to a user’s account without knowing the password.
“Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link,” Dimitrios Valsamaras of the Microsoft 365 Defender research team wrote in the report.
The team reported the flaw to TikTok, and the platform has already fixed it. Both companies say there is no evidence that the flaw was exploited by attackers. The flaw was found only in the Android app; the iOS version was not affected.
“Through our partnership with security researchers at Microsoft, we discovered and quickly fixed a vulnerability in some older versions of the Android app. We appreciate the Microsoft researchers for their efforts to help identify potential issues so we can resolve them,” a TikTok spokesperson told the NY Post.
TikTok’s Android app has been downloaded through the Google Play Store more than 1.5 billion times.
“We will continue to work with the larger security community to share research and intelligence about threats in the effort to build better protection for all,” Valsamaras concluded in the post.