A flaw in Twitter App for Android could have been exploited to take over the account

Pierluigi Paganini December 25, 2019

A flaw in the Twitter app for Android could have been exploited by attackers to obtain sensitive information or take over an account.

Twitter has recently addressed a security vulnerability affecting the Android version of its app. It could have been exploited by hackers to access users' sensitive information (direct messages, protected tweets and location data) or take over their accounts.

The company is notifying affected users through email and its app. It also recommends that users who are unable to update the application use the browser-based version of its social platform.

The company did not disclose technical details about the vulnerability; it said only that exploitation of the issue was very complex.

“We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages).” reads the advisory published by Twitter. “Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g., Direct Messages, protected Tweets, location information) from the app.”


Twitter declared that it is not aware of attacks in the wild that exploited the vulnerability.

“We don’t have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can’t be completely sure so we are taking extra caution.” concludes Twitter.


Pierluigi Paganini

(SecurityAffairs – privacy, hacking)
