TweetDeck XSS Hole Fixed

Friday, June 13, 2014 @ 01:06 PM gHale


Twitter re-enabled TweetDeck after taking it down following a successful cross-site scripting (XSS) attack.

TweetDeck is a popular social media dashboard application used for managing Twitter accounts. Twitter told TweetDeck users it had fixed a security issue and told them to log out and log back in to fully apply an update. An hour after that, Twitter disabled the application, then re-enabled it an hour later.


At the center of the situation was a bug that enabled cross-site scripting attacks, researchers said.

“This vulnerability very specifically renders a tweet as code in the browser, allowing various cross site scripting (XSS) attacks to be run by simply viewing a tweet,” said Trey Ford, global security strategist at Rapid7. The exploit took the form of a worm that self-replicated by creating malicious tweets.
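The root cause Ford describes, untrusted tweet text being treated as markup instead of displayed as text, is easiest to see side by side. The following is an added example, not TweetDeck's or Twitter's code; the tweet object, the field names and the `doSomething()` call in the sample text are constructed for illustration.

```javascript
// Added example (not TweetDeck's code): rendering tweet text as markup versus
// rendering it as escaped text, which is the fix for this class of XSS.

// Characters that carry meaning in HTML, mapped to their entity forms.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape untrusted text so the browser displays it rather than parses it.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: tweet fields are concatenated into markup verbatim, so a
// tweet containing tags is parsed as HTML and any script in it would execute
// for everyone who merely views the tweet.
function renderTweetUnsafe(tweet) {
  return `<div class="tweet"><span class="user">${tweet.user}</span>: ${tweet.text}</div>`;
}

// Hardened pattern: every untrusted field is escaped before it enters the markup,
// so the same tweet is shown literally and never becomes code.
function renderTweetSafe(tweet) {
  return `<div class="tweet"><span class="user">${escapeHtml(tweet.user)}</span>: ${escapeHtml(tweet.text)}</div>`;
}

// Check usable in a unit test or a review of rendered output: does the fragment
// still contain a raw <script> element? The safe renderer must never produce one.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample tweet (not a real tweet) whose text contains markup.
const sampleTweet = {
  user: 'example_user',
  text: 'Hello <b>world</b> & <script>doSomething()</script>',
};

console.log('unsafe:', renderTweetUnsafe(sampleTweet));
console.log('safe:  ', renderTweetSafe(sampleTweet));
```

Running it shows the unsafe rendering passing the `<script>` element straight through, while the safe rendering turns it into `&lt;script&gt;...`, which the browser displays as text. Escaping at the point of output (or using `textContent` instead of `innerHTML` in DOM code) is the control that stops a tweet from being executed by everyone who views it.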

Even though Twitter patched the issue, there are still quite a few attempts to exploit the flaw going on, said Chester Wisniewski, senior security advisor at Sophos.

Within a short period, the flaw was exploited to cause tens of thousands of users to retweet a single message.

To apply the fix, TweetDeck said users should simply log out and log back in.
