(Pictured) TikTok Legacy Exposes Multiple Security Vulnerabilities, Please Upgrade to the Latest Edition as Soon as Possible

With more than 1.5 billion registered users worldwide and more than 700 million monthly active users, TikTok’s large user base has naturally become a target for hacking attacks. According to the latest warning issued by security firm Check Point, some versions of TikTok are highly vulnerable to attacks in a variety of ways, potentially damaging and stealing personal information stored on mobile phones.

(Pictured) TikTok Legacy Exposes Multiple Security Vulnerabilities, Please Upgrade to the Latest Edition as Soon as Possible

Check Point says there are multiple vulnerabilities in the popular short video app that makes it relatively easy for an attacker to take control of your account, upload or delete videos, and even expose videos that users are set to hide. The vulnerabilities were discovered last November, and both Android and iOS’s TikTok were affected, but have been fixed in the latest version.

(Pictured) TikTok Legacy Exposes Multiple Security Vulnerabilities, Please Upgrade to the Latest Edition as Soon as Possible

(Pictured) TikTok Legacy Exposes Multiple Security Vulnerabilities, Please Upgrade to the Latest Edition as Soon as Possible

(Pictured) TikTok Legacy Exposes Multiple Security Vulnerabilities, Please Upgrade to the Latest Edition as Soon as Possible

(Pictured) TikTok Legacy Exposes Multiple Security Vulnerabilities, Please Upgrade to the Latest Edition as Soon as Possible

One of the vulnerabilities is that TikTok allows users to accept download links through SMS information, which can be requested via the official website. But the mechanism wasn’t perfect, as researchers found a way to manipulate text and modify links in SMS messages to send special commands to the app if installed on your phone. In addition, they can use this vulnerability to send messages to any phone number, not just the phone number used to register a TikTok account.

Attackers can then use the BUG in the browser redirection settings to control your account, obtain relevant personal information such as your email, and even make your private videos public. With some more granular JavaScript code wizards, an attacker can even create videos and publish them to third-party accounts.

Check Point said byteDance quickly made changes to fix the vulnerabilities in a new version released in December after it was reported to the TikTok security issue in November.