{"id":44384,"date":"2025-01-28T16:55:34","date_gmt":"2025-01-28T16:55:34","guid":{"rendered":"https:\/\/dejan.au\/index.php\/2025\/01\/28\/android-tiktok-users-urged-to-update-app-after-high-severity-vulnerability-discovered-dexerto\/"},"modified":"2025-01-28T16:55:34","modified_gmt":"2025-01-28T16:55:34","slug":"android-tiktok-users-urged-to-update-app-after-high-severity-vulnerability-discovered-dexerto","status":"publish","type":"post","link":"https:\/\/dejan.au\/index.php\/2025\/01\/28\/android-tiktok-users-urged-to-update-app-after-high-severity-vulnerability-discovered-dexerto\/","title":{"rendered":"Android TikTok users urged to update app after \u201chigh-severity vulnerability\u201d discovered &#8211; Dexerto"},"content":{"rendered":"<p>TikTok users on Android are being urged to ensure their app is up to date, after Microsoft discovered and fixed a \u201chigh-severity vulnerability.\u201d On August 31, the Microsoft 365 Defender Research Team revealed that they had discovered a \u201chigh-severity vulnerability\u201d in the TikTok app for Android, which they say potentially could have allowed attackers to compromise people\u2019s accounts with just one click. They explained that although they found no evidence of \u201cin-the-wild exploitation\u201d of the vulnerability, attackers could have modified users\u2019 profiles and sensitive account information if the user clicked on a \u201cspecially crafted link,\u201d allowing potential attackers to post private videos and send messages. Microsoft explained: \u201cThe vulnerability allowed the app\u2019s deeplink verification to be bypassed. 
Attackers could force the app to load an arbitrary URL to the app\u2019s WebView, allowing the URL to then access the WebView\u2019s attached JavaScript bridges and grant functionality to attackers.\u201d They notified TikTok of the vulnerability, which was rated as high severity with a score of 8.3, through Coordinated Vulnerability Disclosure in February 2022, as part of their responsible disclosure policy. TikTok responded by releasing a fix to address the vulnerability, which has been identified as CVE-2022-28799, \u201cin an updated version of the app released less than a month after the initial disclosure.\u201d Microsoft wrote: \u201cWe commend the efficient and professional resolution from the TikTok security team. TikTok users are encouraged to ensure they\u2019re using the latest version of the app.\u201d They went on to advise users not to click on links from untrusted sources, to keep their devices and applications up to date, and to \u201cimmediately report any strange application behavior to the vendor, such as setting changes triggered without user interaction.\u201d If you need more information on how to update your TikTok app on both iPhone and Android, you can check out our guide here.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>TikTok users on Android are being urged to ensure their app is up to date, after Microsoft discovered and fixed a \u201chigh-severity vulnerability.\u201d On August 31, the Microsoft 365 Defender Research Team revealed that they had discovered a \u201chigh-severity vulnerability\u201d in the 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-44384","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/posts\/44384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/comments?post=44384"}],"version-history":[{"count":0,"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/posts\/44384\/revisions"}],"wp:attachment":[{"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/media?parent=44384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/categories?post=44384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dejan.au\/index.php\/wp-json\/wp\/v2\/tags?post=44384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}