Microsoft has discovered a high-severity vulnerability in the TikTok Android app, tracked as CVE-2022-28799, that could allow quick and stealthy account takeovers through a specially crafted link, according to BleepingComputer.
"Attackers could have then accessed and modified users' TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users," said Microsoft 365 Defender Research Team's Dimitrios Valsamaras.
HackerOne has provided more insights into the flaw.
There is no evidence of active exploitation of the vulnerability, which has already been patched with the release of TikTok version 23.7.3.
The European Union Agency for Cybersecurity (ENISA) has published a report on potential cybersecurity threats for 2030, trying to anticipate future security risks based on current trends and expert opinions. While some of the less likely predictions may touch on science fiction, the top two anticipated threats are already with us today: software supply chain compromises and AI-enhanced disinformation campaigns.