Microsoft researchers stated that the ‘one-click’ potential threat which was revealed to TikTok, back in February, has been patched out.
According to Microsoft 365 Defender researcher, the Android TikTok version has a serious vulnerability that could allow hackers to take full control of the user’s account. Back in February, the researchers had revealed the exploit to TikTok, through a reporting page.
Furthermore, TikTok released an update within a month, saying that the issue was fixed. However, neither researchers nor the company could predict for how long the fraud was there.
The severity of the Exploit
Malicious persons can simply get account access via a special link. Once they enter the system’s JavaScript they can change any of the user settings or information. Any hacker can misuse this access to send inappropriate messages to strangers or friends, can upload videos, or even turn private videos public. No one can predict the malicious intentions but the most obvious consequences are the user’s sensitive information like emails, passwords, and other private information. According to Researchers vulnerability was “high severity”.
But when it comes to the exploit’s ‘high severity’ impact on users, then TikTok is not revealing any statement. However, according to researchers, the exploit was present in the East Asia version as well as the other TikTok version of the app. Consequently, all 1.5 billion people who had downloaded the app were susceptible to the exploit.
Due to the unsecured JavaScript interface, the researchers especially emphasize being cautious of the danger. They add “we recommend that the developer community be aware of the risks and take extra precautions to secure WebView.” Moreover, another researcher found TikTok’s JavaScript, which is a potential danger. As it could record all the inputs by the user from the in-app browser of the application. But Controversially, TikTok denied the fact and stated that this code was there for troubleshooting and debugging purposes.
