TikTok has been under a lot of scrutiny lately and even the US government has banned the use of the app on government-owned smartphones in the army. And this time around, the US government might be right to be concerned.
A security firm named Check Point has found a serious vulnerability in TikTok allowing attackers to access the videos along with pretty much everything on the victim’s profile. It was possible to send a spoofed text message from TikTok and once the user clicks on the fake link it would allow the attacker to partially take control of the user’s profile.
Additionally, the app would have allowed the hacker to redirect the victim to a website that looks exactly like TikTok.
Fortunately, Check Point has notified TikTok about the issue back in November and it has since been patched.