CVE-2024-45240

Name of the Vulnerable Software and Affected Versions TikTok versions prior to 34.5.5

Description The issue allows the takeover of Lynxview JavaScript interfaces via deeplink traversal in the application's exposed WebView. On Android 12 and later, this is only exploitable by third-party applications.

Recommendations For versions prior to 34.5.5, update to version 34.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the exposed WebView to minimize the risk of exploitation.