Executive Summary

CVE-2022-28799 is a high-severity vulnerability identified in the TikTok application for Android, specifically versions before 23.7.3. This vulnerability allows for account takeover through a one-click exploit, leveraging a JavaScript interface to execute the attack. The vulnerability has been assigned a CVSS score of 8.8, indicating its critical nature. While there are no confirmed reports of this vulnerability being exploited in the wild, its potential impact on user accounts makes it a significant concern for cybersecurity professionals and TikTok users alike.

Technical Information

CVE-2022-28799 is a critical vulnerability that affects the TikTok Android application versions before 23.7.3. The vulnerability arises from the app's handling of deeplinks, which are special URLs designed to open specific content within an app. An attacker can craft a malicious deeplink that, when clicked by a user, executes arbitrary JavaScript code within the context of the TikTok app. This allows the attacker to hijack the user's account.

The vulnerability is rooted in the way the TikTok app processes deeplinks. When a user clicks on a specially crafted deeplink, the app fails to properly sanitize the input, allowing the execution of arbitrary JavaScript code. This code can then interact with the app's WebView component, leading to a full account takeover. The attack vector is remote, and the exploitability is high, making it a significant threat.

The vulnerability has been assigned a CVSS score of 8.8, indicating its critical nature. The high score is due to the ease with which the vulnerability can be exploited and the potential impact on user accounts. The vulnerability allows for a complete account takeover, giving the attacker full control over the victim's TikTok account.

TikTok has released a patch in version 23.7.3 of the Android app to address this vulnerability. Users are strongly advised to update their app to the latest version to mitigate the risk. The patch ensures that the app properly sanitizes deeplink inputs, preventing the execution of arbitrary JavaScript code.

Exploitation in the Wild

Based on the data gathered, there are no confirmed reports of CVE-2022-28799 being exploited in the wild. Additionally, there are no available exploits for this vulnerability. This suggests that while the vulnerability is critical, it has not been actively targeted or exploited by threat actors in real-world scenarios.

APT Groups using this vulnerability

There are no specific APT groups known to have exploited this vulnerability. However, the nature of the vulnerability makes it a potential target for various cybercriminal groups seeking to hijack high-profile TikTok accounts. The sectors and countries targeted by APT groups are not specified in the available data.

Affected Product Versions

The affected product versions are the TikTok Android application versions before 23.7.3. Users of these versions are at risk of account takeover through the exploitation of CVE-2022-28799. It is crucial for users to update their app to the latest version to mitigate this risk.

Workaround and Mitigation

To mitigate the risk posed by CVE-2022-28799, users are strongly advised to update their TikTok Android application to version 23.7.3 or later. The update includes a patch that addresses the vulnerability by ensuring that the app properly sanitizes deeplink inputs, preventing the execution of arbitrary JavaScript code.

In addition to updating the app, users should be vigilant for signs of account compromise. Indicators of compromise (IOCs) include unusual account activity, such as changes in profile information or unauthorized posts, unexpected login notifications from the TikTok app, and the presence of unknown devices in the account's login history.

References

1. NVD - CVE-2022-28799
2. Microsoft Security Blog
3. The Hacker News
4. CloudDefense.ai
5. AlienVault OTX

Rescana is here for you

At Rescana, we understand the critical importance of staying ahead of cybersecurity threats. Our Continuous Threat and Exposure Management (CTEM) platform helps customers identify, assess, and mitigate vulnerabilities like CVE-2022-28799. We are committed to providing you with the tools and insights needed to protect your digital assets. If you have any questions about this report or any other issue, please do not hesitate to contact us at ops@rescana.com.