Microsoft found a high-severity vulnerability in the TikTok Android application, which would have subjected users' accounts to susceptibility with just a single click. Microsoft reached out to Tiktok pointing out the issue that has since been patched.
Microsoft discovered a high-severity vulnerability in the TikTok Android application that could have allowed attackers to compromise accounts with a single click. Learn more about CVE-2022-28799, which is now fixed, via our latest blog post: https://t.co/0PaWJ5cFYj
— Microsoft Security Intelligence (@MsftSecIntel) August 31, 2022
Through this loophole, attackers could have compromised the account of any Tiktok users running on Android version 23.7.3 and lower without them knowing. By clicking on this malicious link, the attackers would get primary access to the user's account, thus allowing them to make changes and even post content on the platform. Once compromised, the user's Tiktok bio would then be changed to "SECURITY BREACHED".
Microsoft conducted an assessment to gauge the impact of this setback and found that both versions of Tiktok on Android were affected, that is, the one that serves East and Southeast Asia and the other one that serves the rest of the world. This translates to over 1.5 billion installations combined.
As per the blog post:
The vulnerability itself was ultimately found to reside in the app’s handling of a particular deeplink. In the context of the Android operating system, a deeplink is a special hyperlink that links to a specific component within a mobile app and consists of a scheme and (usually) a host part. When a deeplink is clicked, the Android package manager queries all the installed applications to see which one can handle the deeplink and then routes it to the component declared as its handler.
The deeplink handling does feature a verification process that essentially adds a layer of security which limits the activities that one can perform when an application loads on a given link. However, the attackers found a way to circumvent the verification process and be able to gain access to the app. They would then be able to access an authentication token linked to the user's account.