On 31 August 2022, Microsoft's Threat Intelligence team notified TikTok of a critical vulnerability in its Android app that could have allowed attackers to take complete control of accounts with just one click.
The flaw lay in how the TikTok app verified links (known as 'deeplinks'), and it allowed attackers to have the app load malicious URLs.
Scripts served from such URLs could then reach wider TikTok functionality and compromise accounts.
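As an added illustration (not from the article, and not TikTok's own code or the specific check that failed), the following Python contrasts a loose deeplink host check with a strict one: a substring match accepts any URL whose text merely contains a trusted domain, while parsing the URL and comparing the exact host against an allowlist does not. Host names are constructed placeholders.

```python
from urllib.parse import urlparse

# Constructed allowlist of hosts the app may load in its WebView (assumption).
ALLOWED_HOSTS = {"www.example-app.com", "m.example-app.com"}


def loose_check(url: str) -> bool:
    """Weak validation: accepts any URL whose text contains a trusted domain."""
    return any(host in url for host in ALLOWED_HOSTS)


def strict_check(url: str) -> bool:
    """Parse the URL, require https, and demand an exact host match."""
    try:
        parts = urlparse(url)
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    # hostname is lower-cased, stripped of port and userinfo, or None
    return parts.hostname in ALLOWED_HOSTS


# Constructed sample URLs with the verdict a correct check should give.
# 'attacker.example' stands in for any untrusted host.
SAMPLES = {
    "https://www.example-app.com/profile": True,
    "https://www.example-app.com.attacker.example/": False,  # trusted name as prefix
    "https://attacker.example/?next=https://www.example-app.com": False,  # trusted name in query
    "https://user@www.example-app.com@attacker.example/": False,  # trusted name in userinfo
    "http://www.example-app.com/": False,  # plain http, not https
}


def compare() -> dict:
    """For each sample URL return (loose verdict, strict verdict, intended verdict)."""
    return {u: (loose_check(u), strict_check(u), want) for u, want in SAMPLES.items()}
```

The loose check passes every sample, the strict check only the first; the same host-allowlist principle applies in Java or Kotlin with `android.net.Uri.getHost()`.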
TikTok quickly patched the issue, and there is no evidence it was exploited by malicious parties.
To avoid such issues, experts recommend updating apps regularly and running bug bounty programmes to encourage widespread reporting of flaws and quick patching.