Microsoft finds TikTok vulnerability that allowed one-click account compromises

Microsoft said on Wednesday that it recently identified a vulnerability in TikTok’s Android app that could allow attackers to hijack accounts when users did nothing more than click on a single errant link. The software maker said it notified TikTok of the vulnerability in February and that the China-based social media company has since fixed the flaw, which is tracked as CVE-2022-28799.

The vulnerability resided in how the app verified what’s known as deeplinks, which are Android-specific hyperlinks for accessing individual components within a mobile app. Deeplinks must be declared in an app’s manifest for use outside of

→ Continue reading at Ars Technica
