This severe TikTok vulnerability gives hackers 70 ways to steal your info

By Caleb Clark August 31, 2022

After internal testing, Microsoft discovered an exploit in the Android version of TikTok that could have given attackers access to huge amounts of personal data with a single click.

The vulnerability has already been fixed, and it does not appear that anyone has been affected by the exploit. The attackers could have used this vulnerability to access user profiles, allowing outside forces to publicize private videos, send messages, and even upload videos.

The exploit took advantage of the way TikTok handles WebView code by bypassing deep link verification. When a TikTok user selects an affected deep link, the URL could access JavaScript bridges that granted attackers functionality on the account. JavaScript bridges continue to pose a security risk on a variety of apps, and Microsoft, in a blog post, emphasized how “… collaboration within the security community is necessary to improve defenses for the overall digital ecosystem.”

The exploit could have affected over 1.5 billion TikTok installations from the Google Play Store.

The vulnerability is actually a combination of several issues that, when combined together, could give attackers access to these accounts. Microsoft details all of its findings and how it discovered the exploit in its in-depth blog post.

When Microsoft notified TikTok’s security team of the issue, they “responded by releasing a fix to address the reported vulnerability, now identified as CVE-2022-28799, and users can refer to the CVE entry for more information. We commend the efficient and professional resolution from TikTok’s security team.”

News of this exploit comes on the heels of frequent reports of TikTok’s excessive data collection. Hopefully, this quick patch reflects how seriously the company takes user data and privacy. Microsoft and TikTok both recommend you double-check to make sure you are on the latest version of the app to avoid any issues.

Editors' Recommendations

Topics

Former Digital Trends Contributor

Caleb Clark is a full-time writer that primarily covers consumer tech and gaming. He also writes frequently on Medium about…

Computing

A Redditor ‘didn’t know’ about the Steam Deck, so they built their own

The homemade Ryzen Deck sitting on a desk.

It's hard to imagine that anyone interested in portable gaming hasn't heard of the Steam Deck, but one Redditor says they "didn't know" it existed. And because of that, they decided to build their own.

The 3D-printed contraption comes from Raven0606, who shared images of the completed handheld on the r/SBCGaming subreddit, which is dedicated to handheld emulators. The build took nine months to complete, and Raven0606 dubbed it the Ryzen Deck in honor of the Steam Deck (they found out about Valve's handheld halfway through the build process).

Computing

Razer made the best gaming mouse even better

The Razer Viper V3 Pro sitting among its accessories.

The Razer Viper has been one of the best gaming mice you can buy since its inception, and last year's Viper V3 was no exception. Just a few months after introducing the mouse, Razer is taking another swing at the design with the Viper V3 Pro. It promises the same excellent shape, high-performance sensor, and esports-level accuracy, but with a slew of additional features that build on the original design.

I've been testing out the Viper V3 Pro for a few days now. There are enough changes here to warrant a new entry into Razer's growing lineup of competitive gaming mice, and they not only make the mouse more performant, but also more comfortable to use. The $160 price tag is tough to stomach considering Razer's mainstream focus with the original Viper V3. But if you have the cash to spare, this Pro update is worth every penny.
Going for HyperSpeed

Computing

Save $300 on this HP desktop PC with an RTX 3060, 1TB SSD

hp envy desktop pc deal april 2024 te02 1075t

HP has a great discount one the HP Envy TE02-1075t desktop computer for anyone seeking a permanent inclusion in their home office or living room. Usually costing $1,600, it’s down to $1,300 so you save $300. One of the better desktop computer deals around, you can even play games on it making it great value for all kinds of reasons. Here’s what else you need to know before you hit the buy button.

Why you should buy the HP Envy TE02-1075t desktop computer
The HP Envy TE02-1075t has some great hardware contained within a sleek-looking shell which will look great in your home office. It has a 13th-generation Intel Core i7-13700 processor along with 16GB of memory. It also has 1TB of M.2 SSD storage so there’s plenty of storage here plus it’s super speedy. There’s also room for a great graphics card with the Nvidia GeForce RTX 3060 with 12GB of dedicated VRAM ensuring that the HP Envy TE02-1075t is capable of playing plenty of games without any issue.