A flaw in the Twitter app for Android could have been exploited by attackers to obtain sensitive information or take over an account.
Twitter has recently addressed a security vulnerability affecting the Android version of its app. Hackers could have exploited it to access users' sensitive information (direct messages, protected tweets and location data) or take over their accounts.
The company is notifying affected users through email and its app. It also recommends that users who are unable to update the application use the browser-based version of its social platform.
The company did not disclose technical details about the vulnerability; it said only that exploiting the issue was very complex.
“We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages),” reads the advisory published by Twitter. “Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g., Direct Messages, protected Tweets, location information) from the app.”
Twitter declared that it is not aware of attacks in the wild that exploited the vulnerability.
“We don’t have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can’t be completely sure so we are taking extra caution,” concludes Twitter.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.