– ByteDance released a public thanks in their “Hall of Fame.”

: Secure your account using multi-factor authentication (MFA) linked via Google, Apple, or TikTok accounts.

ByteDance is actively hardening CapCut because it is now a critical piece of enterprise software for TikTok Shop sellers.

Validate all hostnames and path parameters passed via URLs. On Android, avoid using implicit intents for sensitive actions; instead, explicitly define the internal target activity to prevent intercept attacks. Best Practices for Submitting a Patch Validation

: Rewards researchers based on the severity of the bug found. The CapCut Bug Bounty Ecosystem

The security team was polite and acknowledged the validity