Chinese viral video-sharing app TikTok contained potentially dangerous vulnerabilities that could have allowed remote attackers to hijack any user account just by knowing the mobile number of the targeted victim. The vulnerabilities include low-severity issues such as SMS link spoofing, open redirection, and cross-site scripting (XSS) that, when combined, could allow a remote attacker to perform high-impact attacks. The attack leverages an insecure SMS system that TikTok offers on its website to let users send a message to their phone number with a link to download the application. An attacker can send an SMS message to any phone number on behalf of TikTok in which the download URL is modified to point to a malicious page.
Source: https://thehackernews.com/2020/01/hack-tiktok-account.html
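
A server-side check that closes off both the SMS link spoofing and the open redirection described above, shown as an added example (it is not code from TikTok or from the original article). The host names, `ALLOWED_HOSTS`, `DEFAULT_LINK` and the function names are hypothetical placeholders, and the sample URLs in the comments are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts the service ever links to in its
# "text me the app" SMS or redirects to. Placeholder names.
ALLOWED_HOSTS = frozenset({"download.example.com", "m.example.com"})
DEFAULT_LINK = "https://download.example.com/app"


def is_allowed_link(url):
    """Return True only for https URLs whose exact host is allowlisted."""
    # Whitespace, control characters and backslashes are parsed differently
    # by browsers and by urlsplit, so refuse them before parsing.
    if not isinstance(url, str) or any(c in url for c in "\\\r\n\t "):
        return False
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False  # rejects http:, javascript:, and scheme-relative //host
    if parts.username is not None or parts.password is not None:
        return False  # rejects https://download.example.com@evil.test/
    if port not in (None, 443):
        return False
    # Exact match, never startswith/endswith: a suffix test would accept
    # evildownload.example.com, a prefix test download.example.com.evil.test.
    return (parts.hostname or "") in ALLOWED_HOSTS


def resolve_link(requested=None):
    """Pick the link to embed in the SMS or to redirect to.

    A client-supplied value is used only if it passes the allowlist;
    anything else falls back to the server-side default.
    """
    if requested and is_allowed_link(requested):
        return requested
    return DEFAULT_LINK


def sms_body(requested=None):
    """Build the message text with a validated download link."""
    return "Download the app: " + resolve_link(requested)
```

The stricter design is to drop the client-supplied link parameter altogether and always send `DEFAULT_LINK`; the allowlist is for cases where the link really has to vary per request.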