
This severe TikTok vulnerability gives hackers 70 ways to steal your info

After internal testing, Microsoft discovered an exploit in the Android version of TikTok that could have given attackers access to huge amounts of personal data with a single click.

The vulnerability has already been fixed, and it does not appear that anyone has been affected by the exploit. The attackers could have used this vulnerability to access user profiles, allowing outside forces to publicize private videos, send messages, and even upload videos.

The exploit took advantage of the way TikTok handles WebView code by bypassing deep link verification. When a TikTok user selects an affected deep link, the URL could access JavaScript bridges that granted attackers functionality on the account. JavaScript bridges continue to pose a security risk on a variety of apps, and Microsoft, in a blog post, emphasized how “… collaboration within the security community is necessary to improve defenses for the overall digital ecosystem.”
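As an added illustration of the kind of deep link check this paragraph refers to (not code from TikTok, Microsoft, or this article), the example below shows a fail-closed gate that decides whether a URL arriving through a deep link may be loaded in a WebView that exposes a JavaScript bridge. The host names and the `decideDeepLink` and `naiveIsTrusted` functions are constructed for the example, and it does not reproduce the actual flaw or its fix.

```javascript
// Added example: hosts and names are constructed, not taken from any real app.
const BRIDGE_HOSTS = new Set(["app.example.com", "help.example.com"]);

// Weak form, for contrast: substring matching on the raw string.
function naiveIsTrusted(raw) {
  return raw.includes("example.com");
}

// Hardened gate: parse once, compare exact components, fail closed.
// Returns { action, reason }; action is "bridge", "external" or "reject".
function decideDeepLink(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parsing, the rules a browser engine applies
  } catch {
    return { action: "reject", reason: "unparseable" };
  }
  if (url.protocol !== "https:") {
    return { action: "reject", reason: "scheme" };
  }
  if (url.username !== "" || url.password !== "") {
    return { action: "reject", reason: "userinfo" };
  }
  if (url.port !== "") {
    return { action: "reject", reason: "port" };
  }
  // Exact host match only: no suffix, prefix or substring comparison.
  if (!BRIDGE_HOSTS.has(url.hostname)) {
    return { action: "external", reason: "untrusted-host" };
  }
  return { action: "bridge", reason: "ok" };
}

// Constructed sample links.
const SAMPLES = [
  "https://app.example.com/promo?id=1",
  "https://app.example.com.attacker.test/",
  "https://app.example.com@attacker.test/",
  "http://app.example.com/",
  "javascript:void(0)",
];
for (const s of SAMPLES) {
  const d = decideDeepLink(s);
  console.log(`${d.action.padEnd(8)} ${d.reason.padEnd(14)} naive=${naiveIsTrusted(s)} ${s}`);
}
```

On Android the same decision has to be repeated for every navigation, for example from `WebViewClient.shouldOverrideUrlLoading`, because a page that passed the first check can redirect elsewhere while the bridge is still attached.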

The exploit could have affected over 1.5 billion TikTok installations from the Google Play Store.

The vulnerability is actually a chain of several issues that, when combined, could give attackers access to these accounts. Microsoft details all of its findings and how it discovered the exploit in its in-depth blog post.

When Microsoft notified TikTok’s security team of the issue, they “responded by releasing a fix to address the reported vulnerability, now identified as CVE-2022-28799, and users can refer to the CVE entry for more information. We commend the efficient and professional resolution from TikTok’s security team.”

News of this exploit comes on the heels of frequent reports of TikTok’s excessive data collection. Hopefully, this quick patch reflects how seriously the company takes user data and privacy. Microsoft and TikTok both recommend you double-check to make sure you are on the latest version of the app to avoid any issues.


Caleb Clark
Former Digital Trends Contributor