A flaw in the TikTok app could allow attackers to hijack any user account just by knowing the mobile number of the victim. The vulnerabilities include SMS link spoofing, open redirection, and cross-site scripting. The attack leverages a feature implemented by the popular app that allows sending an SMS message to any phone number on behalf of TikTok that contains a malicious URL instead of the legitimate download URL. The URL points to a specially-crafted page designed to execute code on a targeted device.”]
Source: https://securityaffairs.co/wordpress/96148/hacking/tiktok-hacking-accounts.html