Microsoft has reported a flaw to TikTok that allowed a hacker to access user accounts without their knowledge. The vulnerability, since corrected, was present at the level of the Android application of the social network which has more than a billion users in the world.
This flaw, which affected TikTok on Android with version 23.7.3 and lower, required the chaining of several elements to be exploited. According to Microsoft, no one has exploited it. This means that no user was likely to have been affected by this vulnerability.
There are actually two versions of TikTok on Android, one for East and Southeast Asia, and another for the rest of the world. Microsoft performed a vulnerability assessment and found that both versions were affected.
Microsoft notified TikTok of the flaw in February 2022. A patch update was released in March. However, Microsoft only revealed its existence today.