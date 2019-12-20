

Twitter says it has fixed a vulnerability in its Android app that could allow malicious actors to view information from private accounts and take over profiles through a complex back-end process. If a hacker managed to exploit the loophole, he could send direct messages and tweets on behalf of the target account.

The social network says that so far it has not identified any affected user, nor found evidence that an external service took advantage of the bug. Twitter is nevertheless reaching out to people whose data may have been exposed. It is unclear how long the vulnerability existed. The problem is not present in Twitter's iOS app.

Twitter is now rolling out an update for its Android app. So if you are an Android user, you must go to the Play Store and install it immediately, regardless of whether Twitter has contacted you.

"We have no evidence that malicious code has been inserted into the app or that this vulnerability has been exploited, but we cannot be entirely sure, so we are being extra careful. We have taken steps to resolve this issue and are directly notifying people who could have been exposed to this vulnerability, either through the Twitter app or by email, with specific instructions to keep them safe," the company said in a blog post.

Because exploiting the glitch was not simple, it is unlikely that many users were affected. Twitter essentially left a sensitive storage area of its app unprotected. Through another third-party app or an unverified online download, a hacker could theoretically insert a piece of malicious code where Twitter stores your private data on your phone, then abuse that access to retrieve your personal data and post messages and tweets from your profile.

This latest security error is in many ways similar to one from about a month ago. On November 25, Facebook and Twitter said that private data of "hundreds of their users" was compromised by malicious third-party Android apps. The breach, the two social media companies claimed, was caused by insufficient isolation between different software development kits within one app on Android.

