CVE-2022-28799
📋 TL;DR
This vulnerability in TikTok for Android lets an attacker take over a user's account through a malicious deeplink. The app's deeplink handler passes an attacker-controlled URL into an in-app WebView without validating it, so a crafted link forces the WebView to load an arbitrary website, and that page can then call the JavaScript interfaces the app exposes to its WebView content. Users running a vulnerable TikTok version on Android are affected.
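The pattern described above, as an added illustration of the bug class rather than TikTok's own code: an Android Activity that reads a target URL from the incoming deeplink, exposes a JavaScript bridge to the WebView, and either loads the URL blindly (the vulnerable shape) or checks it against an exact-host allowlist first (the hardened shape). Every name here (`DeepLinkWebViewActivity`, the `url` query parameter, `AccountBridge`, the allowed hosts) is hypothetical.

```java
import android.app.Activity;
import android.net.Uri;
import android.os.Bundle;
import android.webkit.JavascriptInterface;
import android.webkit.WebView;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Illustrative example only, not code from TikTok or the advisory.
public class DeepLinkWebViewActivity extends Activity {

    // Hypothetical hosts the app legitimately needs to render in-app.
    private static final Set<String> ALLOWED_HOSTS = new HashSet<>(
            Arrays.asList("www.example-app.com", "m.example-app.com"));

    // Bridge object exposed to page JavaScript. Whatever a trusted page can
    // reach through it, an attacker-controlled page can reach as well.
    private static class AccountBridge {
        private final String sessionToken;
        AccountBridge(String sessionToken) { this.sessionToken = sessionToken; }

        @JavascriptInterface
        public String getSessionToken() { return sessionToken; }
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        WebView webView = new WebView(this);
        setContentView(webView);
        webView.getSettings().setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new AccountBridge(loadSessionToken()), "AccountBridge");

        // Deeplink of the form  app://webview?url=<target>  (hypothetical scheme).
        Uri deepLink = getIntent().getData();
        String target = deepLink == null ? null : deepLink.getQueryParameter("url");

        // VULNERABLE: loading the parameter as-is means a link such as
        //   app://webview?url=https://attacker.example/steal.html
        // renders attacker JavaScript with the bridge attached, and that page can
        // call AccountBridge.getSessionToken().
        // webView.loadUrl(target);

        // HARDENED: refuse anything that is not https to an exact allowlisted host.
        if (isAllowedTarget(target)) {
            webView.loadUrl(target);
        } else {
            finish();
        }
    }

    // Exact scheme and host check. Uri.getHost() strips userinfo, so
    // https://www.example-app.com@attacker.example/ resolves to attacker.example
    // and is rejected; a substring or endsWith() check would not be safe here.
    static boolean isAllowedTarget(String target) {
        if (target == null) return false;
        Uri uri = Uri.parse(target);
        String host = uri.getHost();
        return "https".equalsIgnoreCase(uri.getScheme())
                && host != null
                && ALLOWED_HOSTS.contains(host.toLowerCase());
    }

    private String loadSessionToken() {
        // Placeholder for wherever the app keeps its session credential; hypothetical.
        return "session-token";
    }
}
```

The allowlist is the fix for the deeplink half of the bug; the other half is the bridge itself. Keep `addJavascriptInterface` off any WebView that can render third-party content, and treat every `@JavascriptInterface` method as a public API callable by whatever page is loaded.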
💻 Affected Systems
- TikTok for Android, versions before 23.7.3
📦 What is this software?
TikTok, the short-video social platform, published by TikTok. The Android app is the affected product; this advisory does not cover the iOS app or the web site.
⚠️ Risk & Real-World Impact
Worst Case
Complete account takeover allowing attackers to access private data, post content, change settings, and perform actions as the victim.
Likely Case
Account compromise leading to unauthorized access, data theft, and potential social engineering attacks using the hijacked account.
If Mitigated
Limited impact with proper URL validation and WebView security controls preventing arbitrary website loading.
🎯 Exploit Status
Exploitation requires user interaction (the victim must open a crafted link, for example from a message or a web page), but once the deeplink is crafted the attack itself is straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 23.7.3 and later
Vendor Advisory: https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities
Restart Required: No
Instructions:
1. Open the Google Play Store
2. Search for TikTok
3. Update to version 23.7.3 or higher
4. No device restart is required
🔧 Temporary Workarounds
Disable automatic app opening from links
Android: prevent TikTok from automatically opening web links by clearing its link-handling defaults.
Settings > Apps > TikTok > Open by default > Clear defaults
This only stops Android from routing http(s) links to the app by default; a link that uses the app's own URL scheme can still launch it, and the user can still choose TikTok from the app chooser. Treat it as a partial mitigation, not a substitute for the update.
🧯 If You Can't Patch
- Uninstall the TikTok Android app until you can install 23.7.3 or later
- Use TikTok through its web site in a browser instead of the Android app, since the vulnerable deeplink handling lives in the app
🔍 How to Verify
Check if Vulnerable:
Check TikTok version in app settings: Profile > Settings and privacy > About TikTok
Check Version:
Not applicable - check within TikTok app settings
Verify Fix Applied:
Confirm TikTok version is 23.7.3 or higher in app settings
📡 Detection & Monitoring
Log Indicators:
- On the device, TikTok being launched by a VIEW intent whose URL points at an unfamiliar domain (visible in logcat or MDM app-launch telemetry)
- Account activity from an unfamiliar device or location (new sessions, posts, profile or settings changes) shortly after the user opened a link
Network Indicators:
- Traffic from the TikTok app to domains not associated with TikTok, which would indicate the in-app WebView rendering third-party content
SIEM Query:
Not applicable for server-side logs, since this is a client-side vulnerability. On managed Android fleets, the practical query is an MDM inventory check for TikTok installations below version 23.7.3.
🔗 References
- https://github.com/Ch0pin/security-advisories/security/advisories/GHSA-v39p-88q5-5cvr
- https://hackerone.com/reports/1500614
- https://support.tiktok.com/en/safety-hc/reporting-security-vulnerabilities/reporting-the-security-vulnerabilities