TikTok Account takeover bug
Researchers have discovered a vulnerability in TikTok’s Android app that could allow attackers to remotely hijack user accounts.
Microsoft reported the vulnerability, tracked as CVE-2022-28799, to TikTok in February 2022, after which TikTok promptly fixed the issue. Although the app has an estimated 1.5 billion downloads on the Play Store, the bug has not yet been exploited in the wild.
With complete access to users’ accounts, attackers could change profile details, send messages, upload videos, and even publish private videos.