In the span of five days, reports of two Twitter Android app vulnerabilities have surfaced: one that could cause attackers to view nonpublic account information or control accounts, and another that reportedly allowed a researcher to look up details on 17 million accounts.
In a Dec. 20 blog post, Twitter noted that it issued an app update to fix the first bug, which can be exploited via a "complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app." Successfully performing this exploit would allow a malicious actor to access information such as direct messages, protected tweets and location information. However, Twitter said there is no evidence to suggest that anyone has successfully executed such an attack.
The San Francisco-based social media company said it has taken steps to notify and provide instructions to people that may have been exposed to the bug.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.