Microsoft has released a detailed rundown of an issue, now fixed, which was potentially dangerous for users of TikTok. The problem, flagged as a “high-severity vulnerability” by Microsoft, required several steps chained together in order to function. Attackers making use of it could have compromised accounts with one click.
From there, the standard rules of engagement for compromised accounts apply. Sending messages, uploading content, checking out sensitive information or looking at private videos; all of this and more would have been possible. Worse, Microsoft determined that both versions of the TikTok app on Android were vulnerable to this issue. That’s around 1.5 billion installations in total, so it’s just as well TikTok received word of the vulnerability in February of this year and it’s now fixed.