TweetDeck logo. Photograph: Twitter
A 'cross-site scripting' (XSS) vulnerability has been discovered on Twitter's Tweetdeck client, leaving millions of users open to account hijacking and more.
The official Tweetdeck account warned that although the flaw has been fixed, people should log out and back in to their accounts to get the update.
A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix.
- TweetDeck (@TweetDeck) June 11, 2014
The flaw leads vulnerable versions of Tweetdeck (3.7.1-19002e5) to run JavaScript code contained in tweets from other sites. Most attacks using the vulnerability are no more than irritations, opening warning dialogues on users' computers, though one version created a retweet of itself and spread 38,000 times in two minutes.
Users who don't log out face the possibility of more dangerous attacks.
Theoretically, such flaws can be used to take over accounts, post tweets, unfollow and follow people, and more.
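The mechanism the article describes, a client rendering tweet text as live HTML so that script inside a tweet executes in the viewer's session, is the classic stored XSS pattern. The following is an added illustration, not TweetDeck's or Twitter's code: it contrasts a rendering function that splices tweet text straight into markup with the standard fix of HTML-escaping the text first, and includes a simple check a test suite can apply to the rendered output. The tweet text and function names are constructed for the example.

```javascript
// Added example (not TweetDeck's code): how an XSS like the one described
// arises when tweet text is spliced into HTML as markup, and the standard
// fix of escaping it as text. Runs under Node without a browser.

// Constructed sample tweet containing characters that are meaningful in HTML.
const SAMPLE_TWEET = 'Hi <script>alert("hi")</script> & "friends"';

// Vulnerable pattern: the tweet body is concatenated directly into the HTML
// template, so any markup in the tweet becomes live markup in the page.
function renderTweetUnsafe(text) {
  return `<p class="tweet">${text}</p>`;
}

// Hardened pattern: every character with meaning in HTML is replaced by its
// entity, so the browser displays the text literally instead of parsing it.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderTweetSafe(text) {
  return `<p class="tweet">${escapeHtml(text)}</p>`;
}

// Regression check: rendered output must not contain a raw tag of the given
// name, since only the template's own <p> element is expected there.
function containsRawTag(html, tagName) {
  return new RegExp(`<${tagName}[\\s>]`, 'i').test(html);
}

// Stand-alone demonstration of the two renderers on the sample tweet.
console.log('unsafe :', renderTweetUnsafe(SAMPLE_TWEET));
console.log('safe   :', renderTweetSafe(SAMPLE_TWEET));
console.log('unsafe contains live <script>:', containsRawTag(renderTweetUnsafe(SAMPLE_TWEET), 'script'));
console.log('safe contains live <script>  :', containsRawTag(renderTweetSafe(SAMPLE_TWEET), 'script'));
```

In a real client the escaping would be done by the templating layer (or by assigning `textContent` rather than `innerHTML`), and a Content Security Policy that disallows inline script gives a second layer of defence if an escaping gap is missed; logging out and back in, as the TweetDeck account advised, matters because the fix only takes effect once the client reloads the patched code.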
Twitter itself suffered a similar vulnerability in September 2010 that proved embarrassing after it was discovered by an Australian teenager.
Tweetdeck was originally a British company, and was acquired by Twitter for about £25m ($40m) in May 2011.
Twitter had not responded to a request for comment by the time of publication.