"TikTok for Android Bug Allows Single-Click Account Hijack"

Microsoft recently discovered a high-severity flaw in the Android version of the TikTok app, which has been installed more than 1.5 billion times so far via the Google Play Store. The researchers found the vulnerability in the handling of one of TikTok for Android's deeplinks, a particular type of hyperlink in Android that links to a specific component within an app. To exploit it, cybercriminals could craft a malicious link that, if clicked, would allow full account access. Tracked as CVE-2022-28799, the flaw could allow attackers to modify users' TikTok profiles and access sensitive information, "such as by publicizing private videos, sending messages, and uploading videos on behalf of users," according to Microsoft. Exploiting the flaw exposes 70 methods through which an attacker could modify users' TikTok profiles and access sensitive information without the users' awareness.

 

Dark Reading reports: "TikTok for Android Bug Allows Single-Click Account Hijack"

Submitted by Anonymous on