Twitter fixes critical security vulnerability in Twitter app for Android

Twitter has issued a new security alert. The company said that its security team found a serious security vulnerability in the Twitter app for Android. By using this vulnerability, an attacker could directly access the user’s account information, including using the user account to tweet, send private messages, browse private messages, or check the location. Twitter has now released an emergency fixed version of the Android app to resolve the vulnerability. Users of the Android version of Twitter should upgrade to the latest version immediately.

Twitter stated in its security blog that exploiting the vulnerability is relatively complicated, and that at this stage there is no evidence that it has been exploited in the wild. To take advantage of this security hole, an attacker needs to insert malicious code into the restricted storage area of the Twitter Android app and then find some way to execute this code. Once the code executes successfully, the attacker has account management permissions and can directly access the user’s account and view protected tweets and other private information. Although there is no evidence that hackers have exploited the vulnerability, Twitter has sent emails to all Android users reminding them to upgrade to the latest version for security reasons.

Note also that although this vulnerability allows user accounts to be operated on the Android version of Twitter, the user’s account password is not directly stolen by the attacker. Therefore, even users of the Android version of Twitter do not need to change their passwords. Twitter did not mention any need to change passwords in its security blog or emails. Twitter is still conducting a detailed investigation of the security vulnerability.