Microsoft researchers discovered a high-severity flaw (CVE-2022-28799) in the TikTok Android app, which could have allowed attackers to hijack users’ accounts with a single click.
The experts state that the vulnerability would have had to be chained with other flaws to hijack an account. Microsoft reported the issue to TikTok in February, and the company quickly addressed it. Microsoft confirmed that it is not aware of attacks in the wild exploiting the bug.
The experts determined that the flaw impacted the Android app, which has over 1.5 billion installations via the Google Play Store.