Microsoft found and reported a high severity flaw in the TikTok Android app in February that allowed attackers to "quickly and quietly" take over accounts with one click by tricking targets into clicking a specially crafted malicious link.
"Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," Microsoft 365 Defender Research Team's Dimitrios Valsamaras said.