TikTok’s Android app had a vulnerability giving attackers undetectable access to accounts
Today, Microsoft disclosed a vulnerability in the TikTok Android app that allowed attackers to access user accounts with a single click. This follows a recent clarification from TikTok about a suspected US data breach.
The exploit required multiple issues to be chained together, and the vulnerability has already been resolved, with no evidence of exploitation in the wild. Attackers could have used it without users knowing that it had been used.
There are two variants of the TikTok app, one for East and Southeast Asia and another for other countries. Both were affected by this exploit, and Microsoft notified TikTok of the issue in February 2022.