Warning for MILLIONS of TikTok users over ‘tap of terror’ hack that could have infected your device in seconds
CYBER buffs have issued a warning about a TikTok vulnerability that could have allowed hackers to hijack people’s accounts.
In a blog post yesterday, researchers at Microsoft revealed a bug in the Android version of the app, which has 1.5billion downloads.
Fortunately, the “high-severity” glitch labelled CVE-2022-28799 is now fixed.
There is no evidence that attackers used it to break into accounts.
Were hackers to have exploited the software defect, they could have accessed accounts with a single tap.
A malicious link could have been distributed via email or other online messaging services.
Read more about TikTok
If the recipient were to tap the link, their account would have immediately been compromised.
From there, crooks could have publicised private videos, sent messages, and uploaded videos on victims’ behalf.
“The vulnerability allowed the app’s deeplink verification to be bypassed,” Microsoft wrote in a blog post on Wednesday.
“Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers.”
Most read in Tech
The bug was spotted by Microsoft’s 365 Defender Research Team, who reported it to TikTok.
TikTok later fixed the problem and it is not believed that any accounts were compromised.
“The vulnerability … has been fixed and we did not locate any evidence of in-the-wild exploitation,” Microsoft said.
TikTok confirmed that there was “no evidence” that the bug was exploited by bad actors.
It highlights the importance of thinking twice before clicking on a link sent from an unknown email address or phone number.
If you’re unsure who’s sent you something, it’s best to take a moment to make sure it’s safe.
You can do that using link-checking services such as Norton Safe Web.
Read More on The Sun
If you believe you’ve been sent a malicious link or file, report the sender and delete the message immediately.
You should also always make sure that your smartphone and apps are up to date with the latest software.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered...
- How to delete your Instagram account
- What does pending mean on Snapchat?
- How to check if you’ve been blocked on WhatsApp
- How to drop a pin on Google Maps
- How can I change my Facebook password?
- How to go live on TikTok
- How to clear the cache on an iPhone
- What is NFT art?
- What is OnlyFans?
- What does Meta mean?
Get all the latest WhatsApp, Instagram, Facebook and other tech gadget stories here.
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk