Skip to main content

This severe TikTok vulnerability gives hackers 70 ways to steal your info

After internal testing, Microsoft discovered an exploit in the Android version of TikTok that could have given attackers access to huge amounts of personal data with a single click.

The vulnerability has already been fixed, and it does not appear that anyone has been affected by the exploit. The attackers could have used this vulnerability to access user profiles, allowing outside forces to publicize private videos, send messages, and even upload videos.

The exploit took advantage of the way TikTok handles WebView code by bypassing deep link verification. When a TikTok user selects an affected deep link, the URL could access JavaScript bridges that granted attackers functionality on the account. JavaScript bridges continue to pose a security risk on a variety of apps, and Microsoft, in a blog post, emphasized how “… collaboration within the security community is necessary to improve defenses for the overall digital ecosystem.”

The exploit could have affected over 1.5 billion TikTok installations from the Google Play Store.

The vulnerability is actually a combination of several issues that, when combined together, could give attackers access to these accounts. Microsoft details all of its findings and how it discovered the exploit in its in-depth blog post.

When Microsoft notified TikTok’s security team of the issue, they “responded by releasing a fix to address the reported vulnerability, now identified as CVE-2022-28799, and users can refer to the CVE entry for more information. We commend the efficient and professional resolution from TikTok’s security team.”

News of this exploit comes on the heels of frequent reports of TikTok’s excessive data collection. Hopefully, this quick patch reflects how seriously the company takes user data and privacy. Microsoft and TikTok both recommend you double-check to make sure you are on the latest version of the app to avoid any issues.

Editors' Recommendations

Caleb Clark
Caleb Clark is a full-time writer that primarily covers consumer tech and gaming. He also writes frequently on Medium about…
The worst GPUs of all time: loud, disappointing, uninspired
The Nvidia GeForce GTX 480.

When you look at some of the best graphics cards of today, it's easy to forget that Nvidia and AMD (and more recently, Intel) weren't always the only players in the GPU game. While both AMD and Nvidia have committed their fair share of GPU blunders, they're not the only two brands behind some of the worst GPUs of all time.

Let's take a look at some of the graphics cards that will make you appreciate the current GPU landscape, and yes, even including cards that are borderline mistakes. (Hello, RTX 4060 Ti.) Here are the GPUs that did it terribly, terribly wrong, even though each had something interesting or innovative to bring to the table.

Read more
The best HP laptops to buy in 2023
HP Spectre x360 13.5 front angled view showing display and keyboard deck.

HP offers several excellent laptop lines that are tailored for professionals, traveling, and student use, and it generally makes great all-purpose laptop models for those who want dependability and performance. HP laptops show up on our best laptops and best 2-in-1s lists, among others. However, picking and customizing an HP laptop can be a confusing process for newcomers, and it's not always immediately clear what differences mark the various HP lines, nor which is the best pick.

Allow us to make the choice easier with our list of the best HP laptops available in 2023, and an explanation of what each model excels at.

Read more
Best Squarespace deals: Save on domains, web builder, and more
A laptop with Squarespace displayed on the screen.

Squarespace is a good tool for getting your name, product, or service onto the web. In fact, you’ll be surprised how easy it is to build a website with Squarespace. But it’s also easy to save on Squarespace’s offerings, as there are some Squarespace deals taking place right now. Squarespace’s services include domain registration, hosting, website building, online stores, email campaigns, and even Squarespace Courses, among a range of other things. Several of these will land you some savings right now with things like coupon codes and student plans. We’ve rounded up the best ways to save on a Squarespace subscription below, as well as some details on why it may be the right website builder for you.
Today’s best Squarespace deals

Squarespace Personal Plan —

Read more