Today, Microsoft has disclosed a vulnerability within the TikTok Android app, which allowed attackers to access user accounts with a single click. This follows a recent clarification by TikTok on a suspected data breach in the U.S.
The specifics of the exploit required several issues to be chained together to function, and the issue has already been fixed, with no evidence of in-the-wild exploitation. Attackers would have been able to make use of this without the users' awareness if it had been utilised.
There are two different variations of the TikTok app, one for East and South East Asia, and the other for the remaining countries. Both were affected by this exploit, and Microsoft notified TikTok back in February 2022 of the issue.