Twitter released a security update for its Android app that fixes a critical security vulnerability allowing attackers to take control of users' accounts.
Twitter for Android has been downloaded by over 50 million Android users from the Google Play store.
The vulnerability affected only Twitter for Android; Twitter for iOS was not impacted. It allows attackers to access a user's account and send Tweets or Direct Messages on behalf of the targeted account.
To exploit the vulnerability, attackers need to perform a complicated process that involves inserting malicious code into a fully restricted storage area of the Twitter app.
Twitter essentially left a sensitive storage area of its app unprotected. Hackers drop the malicious code either through another third-party app or through an unverified online download.
According to the Twitter update, “it may have been possible for a bad actor to access information (e.g., Direct Messages, protected Tweets, location information) from the app.”
Twitter found no evidence that malicious code was inserted into the app or that this vulnerability was exploited, but it cannot be 100% sure that the vulnerability was not exploited.
Twitter has fixed the vulnerability and is notifying users, either through the Twitter app or by email, with safety instructions.
“These instructions vary based on what versions of Android and Twitter for Android people are using. We recommend that people follow these instructions as soon as possible,” Twitter said.
You can update to the latest version of Twitter for Android to apply the patch for the vulnerability that existed in the previous version.