Microsoft has saved TikTok from a critical one-click vulnerability

As creator your social media accounts are your lifeblood. The best two-factor authentication apps as well as password managers are critical for keeping the accounts safe but they can only do so much when the apps you are using themselves are vulnerable. Now imagine by clicking on the link that provides you random person unrestricted access to your TikTok account, access your messages, complete with permission to make private videos public, change your bio and also upload your new content. By tapping on the targeted link you could have ended your account as you knew but thanks to Microsoft which has identified this vulnerability before any widespread disaster.

Android apps like TikTok has declared in the app manifest how they need to handle these kind of links to content within them. Deeplinks are necessarily very specific hyperlinks which provide you access to individual components as well as functions of an app. The manifest ensures that clicking on an link in your browser takes you to TikTok app. TikTok is supposed to only load the content on WebView component after URL validation like Instagram Reels does not accidentally open in TikTok app. Microsoft discovered that the culprits could bypass deeplink verification and load whatever URLs they please with WebVIew component of TikTok.

Leave a Reply

Your email address will not be published. Required fields are marked *