Warning for MILLIONS of TikTok users over ‘tap of terror’ hack that could have infected your device in seconds

CYBER buffs have issued a warning about a TikTok vulnerability that could have allowed hackers to hijack people's accounts.

In a blog post yesterday, researchers at Microsoft revealed a bug in the Android version of the app, which has 1.5billion downloads.

Fortunately, the "high-severity" glitch labelled CVE-2022-28799 is now fixed.

There is no evidence that attackers used it to break into accounts.

Were hackers to have exploited the software defect, they could have accessed accounts with a single tap.

A malicious link could have been distributed via email or other online messaging services.

If the recipient were to tap the link, their account would have immediately been compromised.

From there, crooks could have publicised private videos, sent messages, and uploaded videos on victims' behalf.

"The vulnerability allowed the app’s deeplink verification to be bypassed," Microsoft wrote in a on Wednesday.

"Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers."

The bug was spotted by Microsoft's 365 Defender Research Team, who reported it to TikTok.

TikTok later fixed the problem and it is not believed that any accounts were compromised.

"The vulnerability ... has been fixed and we did not locate any evidence of in-the-wild exploitation," Microsoft said.

TikTok confirmed that there was "no evidence" that the bug was exploited by bad actors.