This severe TikTok vulnerability gives hackers 70 ways to steal your info

After internal testing, Microsoft discovered an exploit in the Android version of TikTok that could have given attackers access to huge amounts of personal data with a single click.

The vulnerability has already been fixed, and it does not appear that anyone has been affected by the exploit. The attackers could have used this vulnerability to access user profiles, allowing outside forces to publicize private videos, send messages, and even upload videos.

The exploit took advantage of the way TikTok handles WebView code by bypassing deep link verification. When a TikTok user selects an affected deep link, the URL could access JavaScript bridges that granted attackers functionality on the account. JavaScript bridges continue to pose a security risk on a variety of apps, and Microsoft, in a blog post, emphasized how “… collaboration within the security community is necessary to improve defenses for the overall digital ecosystem.”
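The kind of check that has to hold before a deep-link URL reaches a WebView with a JavaScript bridge attached, as an added example (not TikTok's or Microsoft's code). The class name, the allowlisted host `app.example.com` and the sample URLs are constructed assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class DeepLinkGate {
    // Hypothetical allowlist: exact hosts allowed to run with the bridge exposed.
    private static final Set<String> BRIDGE_HOSTS = Set.of("app.example.com");

    /** True only if the URL may be loaded in a WebView that exposes the bridge. */
    static boolean mayLoadWithBridge(String url) {
        if (url == null) return false;
        final URI uri;
        try {
            uri = new URI(url);
        } catch (URISyntaxException e) {
            return false; // malformed input is rejected, never "repaired"
        }
        // Only https: rules out http:, file:, javascript: and other schemes.
        if (!"https".equalsIgnoreCase(uri.getScheme())) return false;
        // Userinfo makes https://trusted@other-host/ look trusted to a substring check.
        if (uri.getRawUserInfo() != null) return false;
        String host = uri.getHost();
        if (host == null) return false;
        if (uri.getPort() != -1 && uri.getPort() != 443) return false;
        // Exact match on the parsed host; never contains() or endsWith() on the raw string.
        return BRIDGE_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "https://app.example.com/help",              // allowed
            "https://APP.example.com/help",              // allowed, host is case-insensitive
            "http://app.example.com/help",               // wrong scheme
            "https://app.example.com.evil.test/",        // lookalike suffix
            "https://app.example.com@evil.test/",        // userinfo trick
            "https://evil.test/?next=app.example.com",   // trusted name only in query
            "https://evil.test\\@app.example.com/"       // backslash: parsers disagree, reject
        };
        for (String s : samples) {
            System.out.println(mayLoadWithBridge(s) + "  " + s);
        }
        // On Android, call addJavascriptInterface() and loadUrl() only when this
        // returns true, and repeat the check on every navigation and redirect.
    }
}
```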

The exploit could have affected over 1.5 billion TikTok installations from the Google Play Store.

The vulnerability is actually a chain of several issues that, when combined, could give attackers access to these accounts. Microsoft details all of its findings and how it discovered the exploit in its in-depth blog post.

When Microsoft notified TikTok’s security team of the issue, they “responded by releasing a fix to address the reported vulnerability, now identified as CVE-2022-28799, and users can refer to the CVE entry for more information. We commend the efficient and professional resolution from TikTok’s security team.”

News of this exploit comes on the heels of frequent reports of TikTok’s excessive data collection. Hopefully, this quick patch reflects how seriously the company takes user data and privacy. Microsoft and TikTok both recommend you double-check to make sure you are on the latest version of the app to avoid any issues.

Caleb Clark
Former Digital Trends Contributor
Caleb Clark is a full-time writer that primarily covers consumer tech and gaming. He also writes frequently on Medium about…