Microsoft Discover Severe 'One-Click' Exploit for TikTok Android App

Microsoft on Wednesday disclosed details of a now-patched "high severity vulnerability" in the TikTok app for Android that could let attackers take over accounts when victims clicked on a malicious link. "Attackers could have leveraged the vulnerability to hijack an account without users' awarene...

CVE-2022-28799

The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL unvalidated deeplink can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click...

CVE-2022-28799

The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL unvalidated deeplink can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click...

PT-2022-19245 · Bytedance +1 · Tiktok +1

Name of the Vulnerable Software and Affected Versions: TikTok application before 23.7.3 for Android Description: The issue allows account takeover through a crafted URL that can force the com.zhiliaoapp.musically WebView to load an arbitrary website, potentially leveraging an attached JavaScript...