TikTok Pays Out $11,000 Bounty for High-Impact Exploit
2021-03-22 12:49

A researcher has earned over $11,000 from TikTok after disclosing a series of vulnerabilities that could have been chained for a high-impact 1-click exploit.

As for what an attacker could have done with this exploit, the researcher, Abdelhafiz, said: "Anything TikTok can do on your device, the exploit can do."

"If the victim has given the storage permission to the TikTok application, the exploit can access the storage's files," Abdelhafiz explained.

"If bad people exploit this vulnerability, they may chain it with an Android vulnerability to take over the whole device, even if the TikTok app doesn't have permission to do anything."

Abdelhafiz told SecurityWeek that TikTok acted quickly and rolled out a temporary fix within a week, but the social media giant only allowed him to disclose details of his findings last week.

TikTok launched its public bug bounty program in collaboration with HackerOne in October 2020.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/fKalCkI7GGI/tiktok-pays-out-11000-bounty-high-impact-exploit