The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.
Researchers have disclosed four high-severity flaws in the Android version of TikTok that could have easily been exploited by a seemingly benign third-party Android app. If successful, an attacker could fully compromise the target’s TikTok account. Public disclosure of the vulnerabilities was Friday and all bugs have been patched in version 17.4.4 of the app.
Oversecured researchers said they found the arbitrary code execution flaws and one arbitrary file theft vulnerability in TikTok. Disclosure of the flaws come just as the owner of social-media platform have
reportedly chosen Oracle as an American tech partner that could help keep the app running in the U.S.,on the heels of U.S. president Donald Trump threatening to ban the app over spying concerns.