Microsoft has discovered a dangerous vulnerability in the TikTok app for Android that allowed user accounts to be compromised with a single click. The vulnerability has since been closed.
TikTok is a service operated by the Chinese provider ByteDance that offers short video clips and videos for lip-syncing to music videos. It also has the functions of a social network. The platform is especially popular with young people, and apps are available for Android and iOS.
The company is controversial due to concerns about data and youth protection as well as spying and censorship in favor of the Chinese government. The US government under former President Donald Trump tried to ban the Chinese TikTok app along with its service in the US unless the US business was sold to a US tech company. The US Commerce Department announced that, on the orders of the US President, US citizens were banned from downloading the TikTok app in US app stores. The whole thing was then stopped again by US judges.
Serious vulnerability in TikTok app
TikTok exists as an Android app in two variants: one for East and Southeast Asia under the package name com.ss.android.ugc.trill and another for the remaining countries under the package name com.zhiliaoapp.musically. As part of a vulnerability analysis by TikTok, Microsoft's security researchers discovered that both variants of the app for Android, which together have over 1.5 billion installs in the Google Play Store, are affected by a vulnerability.
The vulnerability would have allowed attackers to access and modify users' TikTok profiles and sensitive information. For example, they could have published private videos, sent messages, and uploaded videos on behalf of users. After carefully reviewing the impact, a Microsoft security researcher notified TikTok of the issues in February 2022.
TikTok quickly responded and released a fix for the CVE-2022-28799 vulnerability. TikTok users are advised to ensure they are using the latest version of the app. Microsoft published its findings on August 31, 2022 on the Security Blog in the post "Vulnerability in TikTok Android app could lead to one-click account hijacking".