What you need to know
- Twitter this week revealed a major vulnerability in its Android app.
- The exploit could allow an attacker to get access to sensitive information or even take control of a Twitter account.
- The company is communicating mitigation strategies to users it believes are at risk and is advising everyone to update the app.
Twitter's Android app was exposed to a nasty vulnerability for a bit, the company informed users in a new post on its privacy blog. The exploit could allow an attacker to "see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages)."
The exploit, which involved uploading malicious code to restricted storage areas of the app, has not yet been used to the company's knowledge, but the Twitter is cautioning users that it can't be sure. It's already fixed the issue in the latest version of the app and is asking all users to upgrade as soon as possible. It's also reaching out to users it believes may be at risk directly via email or Twitter with mitigation instructions.
The exploit could allow someone with malicious intent to access your Direct Messages, protected Tweets, and location information. Thankfully, the iOS app was spared from the mishap.
While you're at it, you may also want to update WhatsApp, as the messaging app, too, has fixed a bug in its app that could have allowed a nefarious actor to crash the app entirely without any recourse but to re-install it from scratch.
Twitter now supports 2-factor authentication without a phone number
