Four high-severity flaws in the Android version of TikTok that could have easily been exploited by a seemingly benign third-party app. The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue. If exploited, the flaws could allow attackers to access victims private messages and videos within the app. If successful, an attacker could fully compromise the target s TikTok account. The bugs have been patched in version 17.4.4 of the TikTok app.
Source: https://threatpost.com/tiktok-android-compromise/159208/