CYBER buffs have issued a warning about a TikTok vulnerability that could have allowed hackers to hijack people's accounts.
In a blog post yesterday, researchers at Microsoft revealed a bug in the Android version of the app, which has 1.5billion downloads.
Fortunately, the "high-severity" glitch labelled CVE-2022-28799 is now fixed.
There is no evidence that attackers used it to break into accounts.
Were hackers to have exploited the software defect, they could have accessed accounts with a single tap.
A malicious link could have been distributed via email or other online messaging services.
Read more about TikTok
I’m TikTok chef & use mix plus cheap appliance to make birthday cake at desk
Parents warned of sinister meaning behind ‘back to school necklace’ TikTok trend
If the recipient were to tap the link, their account would have immediately been compromised.
From there, crooks could have publicised private videos, sent messages, and uploaded videos on victims' behalf.
"The vulnerability allowed the app’s deeplink verification to be bypassed," Microsoft wrote in a blog post on Wednesday.
Most read in Tech
Urgent warning for over a MILLION Android users – you must delete an app now
WhatsApp issues huge change that will affect BILLIONS of users forever
Clearest ever footage of Titanic wreck shows anchor & boiler on seafloor
Over 1.4MILLION Google Chrome users warned of dangerous mistake with big cost
The bug was spotted by Microsoft's 365 Defender Research Team, who reported it to TikTok.
TikTok later fixed the problem and it is not believed that any accounts were compromised.
"The vulnerability … has been fixed and we did not locate any evidence of in-the-wild exploitation," Microsoft said.
TikTok confirmed that there was "no evidence" that the bug was exploited by bad actors.
It highlights the importance of thinking twice before clicking on a link sent from an unknown email address or phone number.
If you're unsure who's sent you something, it's best to take a moment to make sure it's safe.
You can do that using link-checking services such as Norton Safe Web.
Read More on The Sun
Town offers £440k salary for job – 3 TIMES going rate – but still no takers
I did a Shein clothes haul and it was a total fail
If you believe you've been sent a malicious link or file, report the sender and delete the message immediately.
You should also always make sure that your smartphone and apps are up to date with the latest software.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
- How to delete your Instagram account
- What does pending mean on Snapchat?
- How to check if you've been blocked on WhatsApp
- How to drop a pin on Google Maps
- How can I change my Facebook password?
- How to go live on TikTok
- How to clear the cache on an iPhone
- What is NFT art?
- What is OnlyFans?
- What does Meta mean?
Get all the latest WhatsApp, Instagram, Facebook and other tech gadget stories here.
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at email@example.com
Source: Read Full Article