Twitter says it has patched a critical vulnerability in its Android app that could have potentially let malicious actors view information of private accounts and take over profiles through an intricate back-end process.
According to the social media network, the critical issue would allow a bad actor to take control of your profile, letting them send tweets and DMs and access non-public information.
The vulnerability only required malicious code to be inserted into restricted storage areas of the Twitter Android app.
Twitter states that it has found no evidence that anyone has actually exploited the vulnerability. Nonetheless, it is taking all the necessary measures to fix the security flaw.
We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages). Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g., Direct Messages, protected Tweets, location information) from the app.
Depending on the specific version of Android and of the network’s app, the company is contacting affected users, via e-mail or inside the app, with instructions on how to proceed.
However, if you use Twitter on your Android phone, you should update to the latest version through the Play Store as soon as possible, regardless of whether you have been contacted or not.
According to the company, iOS users haven’t been affected by this issue and it only pertains to the Android app.