Critical Cross-Site Scripting Vulnerability Hits Twitter

Critical Cross-Site Scripting Vulnerability Hits Twitter

As far as security is concerned, Twitter has been having a bad time over the past few months. There have been innumerable incidents of Twitter malware and scripting vulnerabilities besides the infamous TwitterGate incident. James Slater has uncovered another serious Cross-Site Scripting Vulnerability in Twitter which can allow hackers to gain control of your account just for viewing their Tweets.

You can find the details about the exploit here (or just watch the video embedded above). But in plain and simple terms, the problem is that Twitter allows developers utilising their API to put whatever they want in the application link (the link automatically identifies your twitter client). According to Slater Twitter is aware of this exploit but is yet to fix the issue.

This exploit is really scary since viewing the malicious tweet is sufficient for the hacker to steal your login information. If you are not logged into Twitter you would be safe or using a 3rd party Twitter client you should be safe. Hence, till Twitter goes ahead and fixes this vulnerability don’t tweet from the Twitter’s web interface.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>