In the latest update of the social networking mobile application for the Android platform, Twitter developers have eliminated a serious vulnerability that could be used by attackers to view hidden information of user accounts. In addition, it could be used to post tweets and send private messages on behalf of the victim.
A post on the official Twitter developer blog states that the vulnerability could have been used by attackers to trigger a complex process of injecting malicious code into the internal storage of the Twitter application. It is assumed that this error could be used to obtain data about the location of the user device.
The developers say that they have no evidence at their disposal that the mentioned vulnerability was used by anyone in practice. However, they warn that this could happen. βWe cannot be completely sure that the vulnerability was not exploited by attackers, so we are taking extra care,β the Twitter developers said in a message.
Twitter representatives are currently contacting users who they believe may have been affected to instruct them on how to protect their account on the social network. It is noted that users of the Twitter mobile application for the iOS platform are not affected by this vulnerability. If you receive a message from Twitter, you should follow the instructions provided in it to secure your account. In addition, the developers recommend updating the application to the latest version as soon as possible through the Play Store digital content store, if this has not already been done. If necessary, users are encouraged to contact Twitter support for more information on how to secure their own account on the social network.
Source: 3dnews.ru