Serious Vulnerability in TweetDeck, Revoke Access Immediately

UPDATE: Twitter has provided a fix for the XSS vulnerability in its TweetDeck application referenced in this article.

Twitter has suspended services on its own Twitter application, TweetDeck, after a serious cross site scripting vulnerability emerged and was exploited by attackers on a grand scale.

According to Mike Mimoso of Threatpost, cross-site scripting occurs when attackers are able to inject code into webpages or web-based services that can automatically be executed by a user’s browser. Hackers successfully executing a cross-site scripting attack can remotely inject code, leading to data loss or service interruption.

Specifically in the case of TweetDeck, an attacker could take over a user’s account, post or delete tweets or deface the account. Exploit code was tweeted throughout the morning, and automatically retweeted tens of thousands of times.

“This vulnerability very specifically renders a tweet as code in the browser, allowing various cross site scripting (XSS) attacks to be run by simply viewing a tweet,” Trey Ford, global security strategist at Rapid7 told Threatpost. “The current attack we’re seeing is a ‘worm’ that self-replicates by creating malicious tweets. It looks like this primarily affects users of the Tweetdeck plugin for Google Chrome.”

We recommend logging into your Twitter account if you use TweetDeck and revoking access to immediately.

Below is a video demonstrating exactly how to do that, except you’ll need to pretend that the iOS 5 app is TweetDeck, because the dummy account on which the video was produced does not have TweetDeck installed.

Send to Kindle

Leave a Reply

Your email address will not be published. Required fields are marked *