Researchers have discovered a critical vulnerability in the TikTok Android app which could allow hackers to hijack user accounts remotely.
The vulnerability, CVE-2022-28799, was reported to the ByteDance owned company by Microsoft in February 2022. Tiktok quickly fixed the issue. It is estimated that the app has around 1.5billion downloads on the Play Store, however, Microsoft added, the bug has not yet been exploited in the wild.
Attackers could, with full control over users’ accounts, change the victim’s profile details, send messages, publish private videos and upload content.
This comes not long after concerns in the US over the safeguarding of user data from Chinese staff in July.